From bugzilla at redhat.com Mon Jan 2 11:23:21 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 Jan 2017 06:23:21 -0500
Subject: [RHSA-2017:0001-01] Moderate: ipa security update
Message-ID: <201701021123.v02BNLP4013260@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ipa security update
Advisory ID:       RHSA-2017:0001-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0001.html
Issue date:        2017-01-02
CVE Names:         CVE-2016-7030 CVE-2016-9575
=====================================================================

1. Summary:

An update for ipa is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services. (CVE-2016-7030)

* It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. (CVE-2016-9575)

The CVE-2016-7030 issue was discovered by Petr Spacek (Red Hat) and the CVE-2016-9575 issue was discovered by Liam Campbell (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1370493 - CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy
1395311 - CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
ipa-4.4.0-14.el7_3.1.1.src.rpm

noarch:
ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm

x86_64:
ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm

x86_64:
ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ipa-4.4.0-14.el7_3.1.1.src.rpm

noarch:
ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm

x86_64:
ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm

x86_64:
ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ipa-4.4.0-14.el7_3.1.1.src.rpm

aarch64:
ipa-client-4.4.0-14.el7_3.1.1.aarch64.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.aarch64.rpm

noarch:
ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm

ppc64:
ipa-client-4.4.0-14.el7_3.1.1.ppc64.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.ppc64.rpm

ppc64le:
ipa-client-4.4.0-14.el7_3.1.1.ppc64le.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.ppc64le.rpm

s390x:
ipa-client-4.4.0-14.el7_3.1.1.s390x.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.s390x.rpm

x86_64:
ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ipa-4.4.0-14.el7_3.1.1.src.rpm

noarch:
ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm
ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm
python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm

x86_64:
ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm
ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7030
https://access.redhat.com/security/cve/CVE-2016-9575
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
From bugzilla at redhat.com Mon Jan 2 15:56:50 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 Jan 2017 10:56:50 -0500
Subject: [RHSA-2017:0002-01] Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update
Message-ID: <201701021556.v02Fuo7R009041@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update
Advisory ID:       RHSA-2017:0002-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0002.html
Issue date:        2017-01-02
CVE Names:         CVE-2016-1669 CVE-2016-5180 CVE-2016-5325 CVE-2016-7099
=====================================================================

1. Summary:

An update for rh-nodejs4-nodejs and rh-nodejs4-http-parser is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs (4.6.2), rh-nodejs4-http-parser (2.7.0). (BZ#1388097)

Security Fix(es):

* It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client. (CVE-2016-7099)

* It was found that the V8 Zone class was vulnerable to integer overflow when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges. (CVE-2016-1669)

* A vulnerability was found in c-ares, a DNS resolver library bundled with Node.js. A hostname with an escaped trailing dot would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares could potentially cause that application to crash. (CVE-2016-5180)

* It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request. (CVE-2016-5325)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1335449 - CVE-2016-1669 V8: integer overflow leading to buffer overflow in Zone::New
1346910 - CVE-2016-5325 nodejs: reason argument in ServerResponse#writeHead() not properly validated
1379921 - CVE-2016-7099 nodejs: wildcard certificates not properly validated
1380463 - CVE-2016-5180 c-ares: Single byte out of buffer write
1388097 - Rebase nodejs to latest v4 release

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-nodejs4-http-parser-2.7.0-2.el6.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el6.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el6.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el6.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el6.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-nodejs4-http-parser-2.7.0-2.el6.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el6.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el6.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el6.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el6.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-nodejs4-http-parser-2.7.0-2.el6.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el6.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el6.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el6.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el6.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el6.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nodejs4-http-parser-2.7.0-2.el7.src.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.src.rpm

noarch:
rh-nodejs4-nodejs-docs-4.6.2-4.el7.noarch.rpm

x86_64:
rh-nodejs4-http-parser-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-debuginfo-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-http-parser-devel-2.7.0-2.el7.x86_64.rpm
rh-nodejs4-nodejs-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-debuginfo-4.6.2-4.el7.x86_64.rpm
rh-nodejs4-nodejs-devel-4.6.2-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1669
https://access.redhat.com/security/cve/CVE-2016-5180
https://access.redhat.com/security/cve/CVE-2016-5325
https://access.redhat.com/security/cve/CVE-2016-7099
https://access.redhat.com/security/updates/classification/#important

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Tue Jan 3 19:19:19 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Jan 2017 19:19:19 +0000
Subject: [RHSA-2017:0003-01] Moderate: systemd security update
Message-ID: <201701031919.v03JJL6p026519@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: systemd security update
Advisory ID:       RHSA-2017:0003-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0003.html
Issue date:        2017-01-03
CVE Names:         CVE-2016-7796
=====================================================================

1. Summary:

An update for systemd is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. (CVE-2016-7796)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1381911 - CVE-2016-7796 systemd: freeze when PID 1 receives a zero-length message over notify socket

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):

Source:
systemd-208-20.el7_1.9.src.rpm

x86_64:
libgudev1-208-20.el7_1.9.i686.rpm
libgudev1-208-20.el7_1.9.x86_64.rpm
systemd-208-20.el7_1.9.x86_64.rpm
systemd-debuginfo-208-20.el7_1.9.i686.rpm
systemd-debuginfo-208-20.el7_1.9.x86_64.rpm
systemd-libs-208-20.el7_1.9.i686.rpm
systemd-libs-208-20.el7_1.9.x86_64.rpm
systemd-python-208-20.el7_1.9.x86_64.rpm
systemd-sysv-208-20.el7_1.9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):

x86_64:
libgudev1-devel-208-20.el7_1.9.i686.rpm
libgudev1-devel-208-20.el7_1.9.x86_64.rpm
systemd-debuginfo-208-20.el7_1.9.i686.rpm
systemd-debuginfo-208-20.el7_1.9.x86_64.rpm
systemd-devel-208-20.el7_1.9.i686.rpm
systemd-devel-208-20.el7_1.9.x86_64.rpm
systemd-journal-gateway-208-20.el7_1.9.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
systemd-208-20.el7_1.9.src.rpm

ppc64:
libgudev1-208-20.el7_1.9.ppc.rpm
libgudev1-208-20.el7_1.9.ppc64.rpm
libgudev1-devel-208-20.el7_1.9.ppc.rpm
libgudev1-devel-208-20.el7_1.9.ppc64.rpm
systemd-208-20.el7_1.9.ppc64.rpm
systemd-debuginfo-208-20.el7_1.9.ppc.rpm
systemd-debuginfo-208-20.el7_1.9.ppc64.rpm
systemd-devel-208-20.el7_1.9.ppc.rpm
systemd-devel-208-20.el7_1.9.ppc64.rpm
systemd-libs-208-20.el7_1.9.ppc.rpm
systemd-libs-208-20.el7_1.9.ppc64.rpm
systemd-python-208-20.el7_1.9.ppc64.rpm
systemd-sysv-208-20.el7_1.9.ppc64.rpm

s390x:
libgudev1-208-20.el7_1.9.s390.rpm
libgudev1-208-20.el7_1.9.s390x.rpm
libgudev1-devel-208-20.el7_1.9.s390.rpm
libgudev1-devel-208-20.el7_1.9.s390x.rpm
systemd-208-20.el7_1.9.s390x.rpm
systemd-debuginfo-208-20.el7_1.9.s390.rpm
systemd-debuginfo-208-20.el7_1.9.s390x.rpm
systemd-devel-208-20.el7_1.9.s390.rpm
systemd-devel-208-20.el7_1.9.s390x.rpm
systemd-libs-208-20.el7_1.9.s390.rpm
systemd-libs-208-20.el7_1.9.s390x.rpm
systemd-python-208-20.el7_1.9.s390x.rpm
systemd-sysv-208-20.el7_1.9.s390x.rpm

x86_64:
libgudev1-208-20.el7_1.9.i686.rpm
libgudev1-208-20.el7_1.9.x86_64.rpm
libgudev1-devel-208-20.el7_1.9.i686.rpm
libgudev1-devel-208-20.el7_1.9.x86_64.rpm
systemd-208-20.el7_1.9.x86_64.rpm
systemd-debuginfo-208-20.el7_1.9.i686.rpm
systemd-debuginfo-208-20.el7_1.9.x86_64.rpm
systemd-devel-208-20.el7_1.9.i686.rpm
systemd-devel-208-20.el7_1.9.x86_64.rpm
systemd-libs-208-20.el7_1.9.i686.rpm
systemd-libs-208-20.el7_1.9.x86_64.rpm
systemd-python-208-20.el7_1.9.x86_64.rpm
systemd-sysv-208-20.el7_1.9.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
systemd-208-20.ael7b_1.9.src.rpm

ppc64le:
libgudev1-208-20.ael7b_1.9.ppc64le.rpm
libgudev1-devel-208-20.ael7b_1.9.ppc64le.rpm
systemd-208-20.ael7b_1.9.ppc64le.rpm
systemd-debuginfo-208-20.ael7b_1.9.ppc64le.rpm
systemd-devel-208-20.ael7b_1.9.ppc64le.rpm
systemd-libs-208-20.ael7b_1.9.ppc64le.rpm
systemd-python-208-20.ael7b_1.9.ppc64le.rpm
systemd-sysv-208-20.ael7b_1.9.ppc64le.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64:
systemd-debuginfo-208-20.el7_1.9.ppc64.rpm
systemd-journal-gateway-208-20.el7_1.9.ppc64.rpm

s390x:
systemd-debuginfo-208-20.el7_1.9.s390x.rpm
systemd-journal-gateway-208-20.el7_1.9.s390x.rpm

x86_64:
systemd-debuginfo-208-20.el7_1.9.x86_64.rpm
systemd-journal-gateway-208-20.el7_1.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64le:
systemd-debuginfo-208-20.ael7b_1.9.ppc64le.rpm
systemd-journal-gateway-208-20.ael7b_1.9.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7796
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
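The failure mode behind CVE-2016-7796 above is a zero-length message on the notify socket. As an added example (not code from the advisory or from systemd), the reader below dequeues an empty datagram as a valid, ignorable message instead of treating the zero return from recvmsg() as an error or end-of-stream, so the dispatch loop keeps running. The function names, the AF_UNIX socketpair and the "READY=1" sample text are constructed for this demo.

```c
/* Added example, not systemd's code: a datagram "notify" reader that does
 * not stall on an empty message. On SOCK_DGRAM sockets a zero-length
 * datagram is legal and makes recvmsg() return 0, which is not end-of-file
 * as it would be on a stream socket. Names and sample data are constructed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define NOTIFY_MAX 4096

/* Outcome of one read attempt. */
enum notify_result {
    NOTIFY_AGAIN = 0,      /* queue empty; nothing to do */
    NOTIFY_EMPTY = 1,      /* zero-length datagram dequeued and ignored */
    NOTIFY_MESSAGE = 2,    /* message copied to the caller's buffer */
    NOTIFY_TRUNCATED = 3,  /* oversized datagram dequeued and discarded */
    NOTIFY_ERROR = -1      /* hard socket error */
};

/* Demo helper: a connected AF_UNIX datagram pair; sv[0] is the reader. */
int notify_make_pair(int sv[2])
{
    return socketpair(AF_UNIX, SOCK_DGRAM, 0, sv);
}

/* Dequeue one datagram without blocking. out is NUL-terminated on
 * NOTIFY_MESSAGE and set to "" otherwise. */
int notify_dispatch_one(int fd, char *out, size_t outlen)
{
    char buf[NOTIFY_MAX];
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof buf };
    struct msghdr mh;
    ssize_t n;

    memset(&mh, 0, sizeof mh);
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;
    if (outlen)
        out[0] = '\0';

    n = recvmsg(fd, &mh, MSG_DONTWAIT);
    if (n < 0) {
        if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
            return NOTIFY_AGAIN;
        return NOTIFY_ERROR;
    }
    /* The datagram is already consumed here: n == 0 is a real (empty)
     * message, not a hang-up, so report it and return normally. */
    if (n == 0)
        return NOTIFY_EMPTY;
    if ((mh.msg_flags & MSG_TRUNC) || (size_t)n >= outlen)
        return NOTIFY_TRUNCATED;
    memcpy(out, buf, (size_t)n);
    out[n] = '\0';
    return NOTIFY_MESSAGE;
}

/* Drain the queue: returns the number of usable messages, stores the number
 * of empty datagrams in *empties, and never stalls on an empty one. */
int notify_drain(int fd, int *empties)
{
    char msg[NOTIFY_MAX];
    int usable = 0, r;

    *empties = 0;
    for (;;) {
        r = notify_dispatch_one(fd, msg, sizeof msg);
        if (r == NOTIFY_AGAIN || r == NOTIFY_ERROR)
            return usable;
        if (r == NOTIFY_EMPTY)
            (*empties)++;
        else if (r == NOTIFY_MESSAGE)
            usable++;
        /* NOTIFY_TRUNCATED: dropped, loop continues */
    }
}

int main(void)
{
    int sv[2], empties;

    if (notify_make_pair(sv) < 0)
        return 1;
    send(sv[1], "", 0, 0);             /* the empty message */
    send(sv[1], "READY=1", 7, 0);      /* constructed sample message */
    printf("usable=%d empties=%d\n", notify_drain(sv[0], &empties), empties);
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```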
From bugzilla at redhat.com Tue Jan 3 19:24:07 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Jan 2017 19:24:07 +0000
Subject: [RHSA-2017:0004-01] Important: kernel security and bug fix update
Message-ID: <201701031924.v03JO9EY030826@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2017:0004-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0004.html
Issue date:        2017-01-03
CVE Names:         CVE-2016-8666
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash. (CVE-2016-8666, Important)

Bug Fix(es):

* When a virtual machine (VM) with PCI-Passthrough interfaces was recreated, the operating system rebooted. This update fixes the race condition between the eventfd daemon and the virqfd daemon. As a result, the operating system no longer reboots in the described situation. (BZ#1391609)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1384991 - CVE-2016-8666 kernel: Remotely triggerable recursion in GRE code leading to kernel crash

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):

Source:
kernel-3.10.0-229.46.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.46.1.el7.noarch.rpm
kernel-doc-3.10.0-229.46.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.46.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.46.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.46.1.el7.x86_64.rpm
perf-3.10.0-229.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):

x86_64:
kernel-debug-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
python-perf-3.10.0-229.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
kernel-3.10.0-229.46.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.46.1.el7.noarch.rpm
kernel-doc-3.10.0-229.46.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-229.46.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-229.46.1.el7.ppc64.rpm
kernel-debug-3.10.0-229.46.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-229.46.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.46.1.el7.ppc64.rpm
kernel-devel-3.10.0-229.46.1.el7.ppc64.rpm
kernel-headers-3.10.0-229.46.1.el7.ppc64.rpm
kernel-tools-3.10.0-229.46.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-229.46.1.el7.ppc64.rpm
perf-3.10.0-229.46.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm

s390x:
kernel-3.10.0-229.46.1.el7.s390x.rpm
kernel-debug-3.10.0-229.46.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-229.46.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.46.1.el7.s390x.rpm
kernel-devel-3.10.0-229.46.1.el7.s390x.rpm
kernel-headers-3.10.0-229.46.1.el7.s390x.rpm
kernel-kdump-3.10.0-229.46.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-229.46.1.el7.s390x.rpm
perf-3.10.0-229.46.1.el7.s390x.rpm
perf-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.46.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.46.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.46.1.el7.x86_64.rpm
perf-3.10.0-229.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
kernel-3.10.0-229.46.1.ael7b.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.46.1.ael7b.noarch.rpm
kernel-doc-3.10.0-229.46.1.ael7b.noarch.rpm

ppc64le:
kernel-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-bootwrapper-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-debug-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-devel-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-headers-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-tools-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-tools-libs-3.10.0-229.46.1.ael7b.ppc64le.rpm
perf-3.10.0-229.46.1.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64:
kernel-debug-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.46.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-229.46.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm
python-perf-3.10.0-229.46.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.ppc64.rpm

s390x:
kernel-debug-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.46.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
perf-debuginfo-3.10.0-229.46.1.el7.s390x.rpm
python-perf-3.10.0-229.46.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.s390x.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm
python-perf-3.10.0-229.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.46.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.1):

ppc64le:
kernel-debug-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-debug-devel-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-229.46.1.ael7b.ppc64le.rpm
perf-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm
python-perf-3.10.0-229.46.1.ael7b.ppc64le.rpm
python-perf-debuginfo-3.10.0-229.46.1.ael7b.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-8666
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Wed Jan 4 10:26:14 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Jan 2017 05:26:14 -0500
Subject: [RHSA-2017:0013-01] Moderate: ghostscript security update
Message-ID: <201701041026.v04AQExT028011@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ghostscript security update
Advisory ID:       RHSA-2017:0013-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0013.html
Issue date:        2017-01-04
CVE Names:         CVE-2013-5653 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602
=====================================================================

1. Summary:

An update for ghostscript is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted PostScript document could read environment variables, list directories and retrieve file contents, respectively, from the target. (CVE-2013-5653, CVE-2016-7977)

* It was found that the ghostscript function .setdevice suffered from a use-after-free vulnerability due to an incorrect reference count. A specially crafted PostScript document could trigger code execution in the context of the gs process. (CVE-2016-7978)

* It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted PostScript document could cause a crash or code execution in the context of the gs process. (CVE-2016-7979)

* It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted PostScript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1380327 - CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER
1380415 - CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER
1382300 - CVE-2016-7978 ghostscript: reference leak in .setdevice allows use-after-free and remote code execution
1382305 - CVE-2016-7979 ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution
1383940 - CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
ghostscript-9.07-20.el7_3.1.src.rpm

x86_64:
ghostscript-9.07-20.el7_3.1.i686.rpm
ghostscript-9.07-20.el7_3.1.x86_64.rpm
ghostscript-cups-9.07-20.el7_3.1.x86_64.rpm
ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ghostscript-doc-9.07-20.el7_3.1.noarch.rpm

x86_64:
ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm
ghostscript-devel-9.07-20.el7_3.1.i686.rpm
ghostscript-devel-9.07-20.el7_3.1.x86_64.rpm
ghostscript-gtk-9.07-20.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ghostscript-9.07-20.el7_3.1.src.rpm

x86_64:
ghostscript-9.07-20.el7_3.1.i686.rpm
ghostscript-9.07-20.el7_3.1.x86_64.rpm
ghostscript-cups-9.07-20.el7_3.1.x86_64.rpm
ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ghostscript-doc-9.07-20.el7_3.1.noarch.rpm

x86_64:
ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm
ghostscript-devel-9.07-20.el7_3.1.i686.rpm
ghostscript-devel-9.07-20.el7_3.1.x86_64.rpm
ghostscript-gtk-9.07-20.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7): Source: ghostscript-9.07-20.el7_3.1.src.rpm aarch64: ghostscript-9.07-20.el7_3.1.aarch64.rpm ghostscript-cups-9.07-20.el7_3.1.aarch64.rpm ghostscript-debuginfo-9.07-20.el7_3.1.aarch64.rpm ppc64: ghostscript-9.07-20.el7_3.1.ppc.rpm ghostscript-9.07-20.el7_3.1.ppc64.rpm ghostscript-cups-9.07-20.el7_3.1.ppc64.rpm ghostscript-debuginfo-9.07-20.el7_3.1.ppc.rpm ghostscript-debuginfo-9.07-20.el7_3.1.ppc64.rpm ppc64le: ghostscript-9.07-20.el7_3.1.ppc64le.rpm ghostscript-cups-9.07-20.el7_3.1.ppc64le.rpm ghostscript-debuginfo-9.07-20.el7_3.1.ppc64le.rpm s390x: ghostscript-9.07-20.el7_3.1.s390.rpm ghostscript-9.07-20.el7_3.1.s390x.rpm ghostscript-cups-9.07-20.el7_3.1.s390x.rpm ghostscript-debuginfo-9.07-20.el7_3.1.s390.rpm ghostscript-debuginfo-9.07-20.el7_3.1.s390x.rpm x86_64: ghostscript-9.07-20.el7_3.1.i686.rpm ghostscript-9.07-20.el7_3.1.x86_64.rpm ghostscript-cups-9.07-20.el7_3.1.x86_64.rpm ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): aarch64: ghostscript-debuginfo-9.07-20.el7_3.1.aarch64.rpm ghostscript-devel-9.07-20.el7_3.1.aarch64.rpm ghostscript-gtk-9.07-20.el7_3.1.aarch64.rpm noarch: ghostscript-doc-9.07-20.el7_3.1.noarch.rpm ppc64: ghostscript-debuginfo-9.07-20.el7_3.1.ppc.rpm ghostscript-debuginfo-9.07-20.el7_3.1.ppc64.rpm ghostscript-devel-9.07-20.el7_3.1.ppc.rpm ghostscript-devel-9.07-20.el7_3.1.ppc64.rpm ghostscript-gtk-9.07-20.el7_3.1.ppc64.rpm ppc64le: ghostscript-debuginfo-9.07-20.el7_3.1.ppc64le.rpm ghostscript-devel-9.07-20.el7_3.1.ppc64le.rpm ghostscript-gtk-9.07-20.el7_3.1.ppc64le.rpm s390x: ghostscript-debuginfo-9.07-20.el7_3.1.s390.rpm ghostscript-debuginfo-9.07-20.el7_3.1.s390x.rpm ghostscript-devel-9.07-20.el7_3.1.s390.rpm ghostscript-devel-9.07-20.el7_3.1.s390x.rpm ghostscript-gtk-9.07-20.el7_3.1.s390x.rpm x86_64: ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm ghostscript-devel-9.07-20.el7_3.1.i686.rpm ghostscript-devel-9.07-20.el7_3.1.x86_64.rpm ghostscript-gtk-9.07-20.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ghostscript-9.07-20.el7_3.1.src.rpm x86_64: ghostscript-9.07-20.el7_3.1.i686.rpm ghostscript-9.07-20.el7_3.1.x86_64.rpm ghostscript-cups-9.07-20.el7_3.1.x86_64.rpm ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ghostscript-doc-9.07-20.el7_3.1.noarch.rpm x86_64: ghostscript-debuginfo-9.07-20.el7_3.1.i686.rpm ghostscript-debuginfo-9.07-20.el7_3.1.x86_64.rpm ghostscript-devel-9.07-20.el7_3.1.i686.rpm ghostscript-devel-9.07-20.el7_3.1.x86_64.rpm ghostscript-gtk-9.07-20.el7_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2013-5653 https://access.redhat.com/security/cve/CVE-2016-7977 https://access.redhat.com/security/cve/CVE-2016-7978 https://access.redhat.com/security/cve/CVE-2016-7979 https://access.redhat.com/security/cve/CVE-2016-8602 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYbM3EXlSAg2UNWIIRArGGAJ9vHDLT+UYLocMDstIu+zq9i2jHYACfY89O CD6rmtcSRdpgjhzSbaCRBeg= =uzgY -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 4 10:26:26 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Jan 2017 05:26:26 -0500 Subject: [RHSA-2017:0014-01] Moderate: ghostscript security update Message-ID: <201701041026.v04AQQwF024507@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ghostscript security update Advisory ID: RHSA-2017:0014-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0014.html Issue date: 2017-01-04 CVE Names: CVE-2013-5653 CVE-2016-7977 CVE-2016-7979 CVE-2016-8602 ===================================================================== 1. Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 
6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrieve file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977) * It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash code execution in the context of the gs process. (CVE-2016-7979) * It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1380327 - CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER 1380415 - CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER 1382305 - CVE-2016-7979 ghostscript: Type confusion in .initialize_dsc_parser allows remote code execution 1383940 - CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ghostscript-8.70-21.el6_8.1.src.rpm i386: ghostscript-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm x86_64: ghostscript-8.70-21.el6_8.1.i686.rpm ghostscript-8.70-21.el6_8.1.x86_64.rpm ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-devel-8.70-21.el6_8.1.i686.rpm ghostscript-doc-8.70-21.el6_8.1.i686.rpm ghostscript-gtk-8.70-21.el6_8.1.i686.rpm x86_64: ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm ghostscript-devel-8.70-21.el6_8.1.i686.rpm ghostscript-devel-8.70-21.el6_8.1.x86_64.rpm ghostscript-doc-8.70-21.el6_8.1.x86_64.rpm ghostscript-gtk-8.70-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ghostscript-8.70-21.el6_8.1.src.rpm x86_64: ghostscript-8.70-21.el6_8.1.i686.rpm ghostscript-8.70-21.el6_8.1.x86_64.rpm ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm ghostscript-devel-8.70-21.el6_8.1.i686.rpm ghostscript-devel-8.70-21.el6_8.1.x86_64.rpm ghostscript-doc-8.70-21.el6_8.1.x86_64.rpm ghostscript-gtk-8.70-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ghostscript-8.70-21.el6_8.1.src.rpm i386: ghostscript-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ppc64: ghostscript-8.70-21.el6_8.1.ppc.rpm ghostscript-8.70-21.el6_8.1.ppc64.rpm ghostscript-debuginfo-8.70-21.el6_8.1.ppc.rpm ghostscript-debuginfo-8.70-21.el6_8.1.ppc64.rpm s390x: ghostscript-8.70-21.el6_8.1.s390.rpm ghostscript-8.70-21.el6_8.1.s390x.rpm ghostscript-debuginfo-8.70-21.el6_8.1.s390.rpm ghostscript-debuginfo-8.70-21.el6_8.1.s390x.rpm x86_64: ghostscript-8.70-21.el6_8.1.i686.rpm ghostscript-8.70-21.el6_8.1.x86_64.rpm ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-devel-8.70-21.el6_8.1.i686.rpm ghostscript-doc-8.70-21.el6_8.1.i686.rpm ghostscript-gtk-8.70-21.el6_8.1.i686.rpm ppc64: ghostscript-debuginfo-8.70-21.el6_8.1.ppc.rpm ghostscript-debuginfo-8.70-21.el6_8.1.ppc64.rpm ghostscript-devel-8.70-21.el6_8.1.ppc.rpm ghostscript-devel-8.70-21.el6_8.1.ppc64.rpm ghostscript-doc-8.70-21.el6_8.1.ppc64.rpm ghostscript-gtk-8.70-21.el6_8.1.ppc64.rpm s390x: ghostscript-debuginfo-8.70-21.el6_8.1.s390.rpm ghostscript-debuginfo-8.70-21.el6_8.1.s390x.rpm ghostscript-devel-8.70-21.el6_8.1.s390.rpm ghostscript-devel-8.70-21.el6_8.1.s390x.rpm ghostscript-doc-8.70-21.el6_8.1.s390x.rpm ghostscript-gtk-8.70-21.el6_8.1.s390x.rpm x86_64: ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm ghostscript-devel-8.70-21.el6_8.1.i686.rpm ghostscript-devel-8.70-21.el6_8.1.x86_64.rpm ghostscript-doc-8.70-21.el6_8.1.x86_64.rpm ghostscript-gtk-8.70-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ghostscript-8.70-21.el6_8.1.src.rpm i386: ghostscript-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm x86_64: ghostscript-8.70-21.el6_8.1.i686.rpm ghostscript-8.70-21.el6_8.1.x86_64.rpm ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-devel-8.70-21.el6_8.1.i686.rpm ghostscript-doc-8.70-21.el6_8.1.i686.rpm ghostscript-gtk-8.70-21.el6_8.1.i686.rpm x86_64: ghostscript-debuginfo-8.70-21.el6_8.1.i686.rpm ghostscript-debuginfo-8.70-21.el6_8.1.x86_64.rpm ghostscript-devel-8.70-21.el6_8.1.i686.rpm ghostscript-devel-8.70-21.el6_8.1.x86_64.rpm ghostscript-doc-8.70-21.el6_8.1.x86_64.rpm ghostscript-gtk-8.70-21.el6_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-5653 https://access.redhat.com/security/cve/CVE-2016-7977 https://access.redhat.com/security/cve/CVE-2016-7979 https://access.redhat.com/security/cve/CVE-2016-8602 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
From bugzilla at redhat.com Thu Jan 5 10:33:24 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jan 2017 10:33:24 +0000
Subject: [RHSA-2017:0018-01] Moderate: gstreamer-plugins-bad-free security update
Message-ID: <201701051033.v05AXQmk006194@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gstreamer-plugins-bad-free security update
Advisory ID:       RHSA-2017:0018-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0018.html
Issue date:        2017-01-05
CVE Names:         CVE-2016-9445 CVE-2016-9447 CVE-2016-9809
=====================================================================

1. Summary:

An update for gstreamer-plugins-bad-free is now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

GStreamer is a streaming media framework based on graphs of filters which
operate on media data. The gstreamer-plugins-bad-free package contains a
collection of plug-ins for GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was
found in GStreamer's VMware VMnc video file format decoding plug-in. A
remote attacker could use this flaw to cause an application using GStreamer
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2016-9445)

* A memory corruption flaw was found in GStreamer's Nintendo NSF music file
format decoding plug-in. A remote attacker could use this flaw to cause an
application using GStreamer to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2016-9447)

* An out-of-bounds heap read flaw was found in GStreamer's H.264 parser. A
remote attacker could use this flaw to cause an application using GStreamer
to crash. (CVE-2016-9809)

Note: This update removes the vulnerable Nintendo NSF plug-in.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1395126 - CVE-2016-9447 gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder
1395767 - CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder
1401880 - CVE-2016-9809 gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_caps

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.src.rpm

x86_64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.src.rpm

aarch64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.aarch64.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.aarch64.rpm

ppc64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.ppc.rpm
gstreamer-plugins-bad-free-0.10.23-22.el7_3.ppc64.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc64.rpm

ppc64le:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.ppc64le.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc64le.rpm

s390x:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.s390.rpm
gstreamer-plugins-bad-free-0.10.23-22.el7_3.s390x.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.s390.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.s390x.rpm

x86_64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.aarch64.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.aarch64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.aarch64.rpm

ppc64:
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc64.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.ppc.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.ppc64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.ppc64.rpm

ppc64le:
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc64le.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.ppc64le.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.ppc64le.rpm

s390x:
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.s390.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.s390x.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.s390.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.s390x.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.s390x.rpm

x86_64:
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.src.rpm

x86_64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.i686.rpm
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.x86_64.rpm
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9445
https://access.redhat.com/security/cve/CVE-2016-9447
https://access.redhat.com/security/cve/CVE-2016-9809
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Thu Jan 5 10:44:49 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jan 2017 10:44:49 +0000
Subject: [RHSA-2017:0019-01] Moderate: gstreamer-plugins-good security update
Message-ID: <201701051044.v05AipUv014360@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gstreamer-plugins-good security update
Advisory ID:       RHSA-2017:0019-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0019.html
Issue date:        2017-01-05
CVE Names:         CVE-2016-9634 CVE-2016-9635 CVE-2016-9636
                   CVE-2016-9807 CVE-2016-9808
=====================================================================

1. Summary:

An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808) * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807) Note: This update removes the vulnerable FLC/FLI/FLX plug-in. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1397441 - CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 gstreamer-plugins-good: Heap buffer overflow in FLIC decoder 1401874 - CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: gstreamer-plugins-good-0.10.31-12.el7_3.src.rpm x86_64: gstreamer-plugins-good-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-0.10.31-12.el7_3.x86_64.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: gstreamer-plugins-good-0.10.31-12.el7_3.src.rpm x86_64: gstreamer-plugins-good-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-0.10.31-12.el7_3.x86_64.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3.noarch.rpm Red Hat Enterprise Linux Server (v. 
7): Source: gstreamer-plugins-good-0.10.31-12.el7_3.src.rpm aarch64: gstreamer-plugins-good-0.10.31-12.el7_3.aarch64.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.aarch64.rpm ppc64: gstreamer-plugins-good-0.10.31-12.el7_3.ppc.rpm gstreamer-plugins-good-0.10.31-12.el7_3.ppc64.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.ppc.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.ppc64.rpm ppc64le: gstreamer-plugins-good-0.10.31-12.el7_3.ppc64le.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.ppc64le.rpm s390x: gstreamer-plugins-good-0.10.31-12.el7_3.s390.rpm gstreamer-plugins-good-0.10.31-12.el7_3.s390x.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.s390.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.s390x.rpm x86_64: gstreamer-plugins-good-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-0.10.31-12.el7_3.x86_64.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: gstreamer-plugins-good-0.10.31-12.el7_3.src.rpm x86_64: gstreamer-plugins-good-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-0.10.31-12.el7_3.x86_64.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.i686.rpm gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-9634 https://access.redhat.com/security/cve/CVE-2016-9635 https://access.redhat.com/security/cve/CVE-2016-9636 https://access.redhat.com/security/cve/CVE-2016-9807 https://access.redhat.com/security/cve/CVE-2016-9808 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYbiOMXlSAg2UNWIIRAvFpAJ4yRz9szllRgxi6NQHrXBNCl8pxVQCfZnYk ufL5/eb7eev6jw/deECdkvM= =xdtR -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 5 10:46:09 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jan 2017 10:46:09 +0000 Subject: [RHSA-2017:0020-01] Moderate: gstreamer1-plugins-good security update Message-ID: <201701051046.v05AkBpB014340@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: gstreamer1-plugins-good security update Advisory ID: RHSA-2017:0020-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0020.html Issue date: 2017-01-05 CVE Names: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 ===================================================================== 1. Summary: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 
7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808) * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807) Note: This update removes the vulnerable FLC/FLI/FLX plug-in. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1397441 - CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9808 gstreamer-plugins-good: Heap buffer overflow in FLIC decoder 1401874 - CVE-2016-9807 gstreamer-plugins-good: Invalid memory read in flx_decode_chunks 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: gstreamer1-plugins-good-1.4.5-3.el7_3.src.rpm x86_64: gstreamer1-plugins-good-1.4.5-3.el7_3.i686.rpm gstreamer1-plugins-good-1.4.5-3.el7_3.x86_64.rpm gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.i686.rpm gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7):

Source:
gstreamer1-plugins-good-1.4.5-3.el7_3.src.rpm

x86_64:
gstreamer1-plugins-good-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-1.4.5-3.el7_3.x86_64.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gstreamer1-plugins-good-1.4.5-3.el7_3.src.rpm

aarch64:
gstreamer1-plugins-good-1.4.5-3.el7_3.aarch64.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.aarch64.rpm

ppc64:
gstreamer1-plugins-good-1.4.5-3.el7_3.ppc.rpm
gstreamer1-plugins-good-1.4.5-3.el7_3.ppc64.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.ppc.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.ppc64.rpm

ppc64le:
gstreamer1-plugins-good-1.4.5-3.el7_3.ppc64le.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.ppc64le.rpm

s390x:
gstreamer1-plugins-good-1.4.5-3.el7_3.s390.rpm
gstreamer1-plugins-good-1.4.5-3.el7_3.s390x.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.s390.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.s390x.rpm

x86_64:
gstreamer1-plugins-good-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-1.4.5-3.el7_3.x86_64.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
gstreamer1-plugins-good-1.4.5-3.el7_3.src.rpm

x86_64:
gstreamer1-plugins-good-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-1.4.5-3.el7_3.x86_64.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-9634
https://access.redhat.com/security/cve/CVE-2016-9635
https://access.redhat.com/security/cve/CVE-2016-9636
https://access.redhat.com/security/cve/CVE-2016-9807
https://access.redhat.com/security/cve/CVE-2016-9808
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Thu Jan 5 10:49:04 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jan 2017 10:49:04 +0000
Subject: [RHSA-2017:0021-01] Moderate: gstreamer1-plugins-bad-free security update
Message-ID: <201701051049.v05An65Y005057@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gstreamer1-plugins-bad-free security update
Advisory ID:       RHSA-2017:0021-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0021.html
Issue date:        2017-01-05
CVE Names:         CVE-2016-9445 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813
=====================================================================

1. Summary:

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v.
7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445)

* Multiple flaws were discovered in GStreamer's H.264 and MPEG-TS plug-ins. A remote attacker could use these flaws to cause an application using GStreamer to crash. (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1395767 - CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder
1401880 - CVE-2016-9809 gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_caps
1401930 - CVE-2016-9812 gstreamer1-plugins-bad-free: Out-of-bounds read in gst_mpegts_section_new
1401934 - CVE-2016-9813 gstreamer-plugins-bad-free: NULL pointer dereference in mpegts parser

6. Package List:

Red Hat Enterprise Linux Client (v.
7):

Source:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm

x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm

x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v.
7):

Source:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm

aarch64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.aarch64.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.aarch64.rpm

ppc64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.ppc.rpm
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.ppc64.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc64.rpm

ppc64le:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.ppc64le.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc64le.rpm

s390x:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.s390.rpm
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.s390x.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.s390.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.s390x.rpm

x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
7):

aarch64:
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.aarch64.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.aarch64.rpm

ppc64:
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc64.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.ppc.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.ppc64.rpm

ppc64le:
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc64le.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.ppc64le.rpm

s390x:
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.s390.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.s390x.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.s390.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.s390x.rpm

x86_64:
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm

x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-9445
https://access.redhat.com/security/cve/CVE-2016-9809
https://access.redhat.com/security/cve/CVE-2016-9812
https://access.redhat.com/security/cve/CVE-2016-9813
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Thu Jan 5 23:45:18 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jan 2017 23:45:18 +0000
Subject: [RHSA-2017:0025-01] Important: puppet-tripleo security update
Message-ID: <201701052345.v05NjIaD012913@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: puppet-tripleo security update
Advisory ID:       RHSA-2017:0025-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0025.html
Issue date:        2017-01-05
CVE Names:         CVE-2016-9599
=====================================================================

1. Summary:

An update for puppet-tripleo is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - noarch

3. Description:

puppet-tripleo is a key component of the Red Hat OpenStack Platform director, which is a toolset for installing and managing a complete OpenStack environment.
Security Fix(es):

* An access-control flaw was discovered in puppet-tripleo's IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. Some API services in Red Hat OpenStack Platform director are not exposed to public networks, which meant their $public_ssl_port value was set to empty (for example, openstack-glance, which is deployed by default on both undercloud and overcloud). If SSL was enabled, a malicious user could use these open ports to gain access to unauthorized resources. (CVE-2016-9599)

This issue was discovered by Ben Nemec (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1409687 - CVE-2016-9599 puppet-tripleo:if ssl is enabled, traffic is open on both undercloud and overcloud

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
puppet-tripleo-5.4.0-4.el7ost.src.rpm

noarch:
puppet-tripleo-5.4.0-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9599
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
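The puppet-tripleo flaw above comes down to a missing emptiness check: a rule generated for a service whose $public_ssl_port is empty carries no --dport match, so it admits the whole protocol rather than one port. The Python below is an added illustration, not puppet-tripleo's own code, and its service names, port numbers and iptables-save excerpt are constructed: a hypothetical rule builder with and without that check, and an audit that flags port-less tcp/udp ACCEPT rules in iptables-save output.

```python
"""Added example (not puppet-tripleo's own code): the effect of an empty port
value in generated firewall rules, the check that prevents it, and an audit
that finds the resulting port-less ACCEPT rules in iptables-save output.
Service names, port numbers and the iptables-save sample are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ServiceRule:
    """One exposed service, as a rule-management layer would model it."""
    name: str
    proto: str   # "tcp" or "udp"
    port: str    # empty when the service is not exposed publicly (cf. $public_ssl_port)


def build_rule_unchecked(svc: ServiceRule) -> str:
    """Weak builder: an empty port silently drops the --dport match, so the
    emitted rule accepts every port of the protocol. This reproduces the
    failure mode the advisory describes in a hypothetical builder."""
    dport = f" --dport {svc.port}" if svc.port else ""
    return f'-A INPUT -p {svc.proto}{dport} -m comment --comment "{svc.name}" -j ACCEPT'


_PORT_SPEC = re.compile(r"\d{1,5}(:\d{1,5})?")  # single port or iptables range lo:hi


def build_rule_checked(svc: ServiceRule) -> Optional[str]:
    """Hardened builder: no port means no rule, and a malformed port is an
    error rather than an ACCEPT-all."""
    if svc.proto not in ("tcp", "udp"):
        raise ValueError(f"{svc.name}: unsupported protocol {svc.proto!r}")
    port = str(svc.port).strip()
    if not port:
        return None          # not exposed: open nothing
    if not _PORT_SPEC.fullmatch(port):
        raise ValueError(f"{svc.name}: invalid port spec {port!r}")
    for p in port.split(":"):
        if not 1 <= int(p) <= 65535:
            raise ValueError(f"{svc.name}: port {p} out of range")
    return f'-A INPUT -p {svc.proto} --dport {port} -m comment --comment "{svc.name}" -j ACCEPT'


def build_ruleset(services: List[ServiceRule]) -> List[str]:
    """Generate the checked rules for a list of services, skipping unexposed ones."""
    return [r for r in (build_rule_checked(s) for s in services) if r is not None]


_PROTO = re.compile(r"(?:^|\s)-p\s+(tcp|udp)\b")
_PORT_MATCH = re.compile(r"--(?:d|s)ports?\s")
_STATE_MATCH = re.compile(r"--(?:ct)?state\s")


def unrestricted_accept_rules(iptables_save: str) -> List[str]:
    """Audit iptables-save text for the symptom of this flaw: an ACCEPT rule
    for tcp or udp that carries neither a port match nor a connection-state
    match, i.e. one that admits the whole protocol."""
    findings = []
    for raw in iptables_save.splitlines():
        line = raw.strip()
        if not line.startswith("-A ") or "-j ACCEPT" not in line:
            continue
        if not _PROTO.search(line):
            continue               # no protocol match: not the pattern here
        if _PORT_MATCH.search(line) or _STATE_MATCH.search(line):
            continue               # restricted by port or state: fine
        findings.append(line)
    return findings


# Constructed services: glance is the service the advisory names as having an
# empty public SSL port; the keystone port number is made up for the demo.
SERVICES = [
    ServiceRule("keystone_public_ssl", "tcp", "13000"),
    ServiceRule("openstack-glance_public_ssl", "tcp", ""),
]

# Constructed iptables-save excerpt containing two port-less ACCEPT rules.
SAMPLE_IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -m comment --comment "001 ssh" -j ACCEPT
-A INPUT -p tcp -m comment --comment "openstack-glance_public_ssl" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p udp -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

if __name__ == "__main__":
    for svc in SERVICES:
        print("unchecked:", build_rule_unchecked(svc))
        print("checked:  ", build_rule_checked(svc))
    for hit in unrestricted_accept_rules(SAMPLE_IPTABLES_SAVE):
        print("UNRESTRICTED:", hit)
```

Run against real `iptables-save` output, the audit is a quick way to confirm on an undercloud or overcloud node that no port-less ACCEPT rules remain after the update is applied.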
From bugzilla at redhat.com Tue Jan 10 21:04:05 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jan 2017 21:04:05 +0000
Subject: [RHSA-2017:0031-01] Important: kernel security and bug fix update
Message-ID: <201701102104.v0AL47MK008615@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2017:0031-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0031.html
Issue date:        2017-01-10
CVE Names:         CVE-2016-7117
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code.
This corruption takes place during the error handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)

Bug Fix(es):

* Previously, guest virtual machines (VMs) on a Hyper-V server cluster were in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1397737)

* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache occasionally showed incorrect values. This update fixes the DST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct values. (BZ#1391973)

* Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in the described scenario. (BZ#1398182)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v.
6.7):

Source:
kernel-2.6.32-573.38.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.38.1.el6.noarch.rpm
kernel-doc-2.6.32-573.38.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.38.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.38.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.38.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.38.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.38.1.el6.x86_64.rpm
perf-2.6.32-573.38.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.38.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
python-perf-2.6.32-573.38.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v.
6.7):

Source:
kernel-2.6.32-573.38.1.el6.src.rpm

i386:
kernel-2.6.32-573.38.1.el6.i686.rpm
kernel-debug-2.6.32-573.38.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.38.1.el6.i686.rpm
kernel-devel-2.6.32-573.38.1.el6.i686.rpm
kernel-headers-2.6.32-573.38.1.el6.i686.rpm
perf-2.6.32-573.38.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.38.1.el6.noarch.rpm
kernel-doc-2.6.32-573.38.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.38.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.38.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.38.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.38.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.38.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.38.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.38.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.38.1.el6.ppc64.rpm
perf-2.6.32-573.38.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.38.1.el6.s390x.rpm
kernel-debug-2.6.32-573.38.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.38.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.38.1.el6.s390x.rpm
kernel-devel-2.6.32-573.38.1.el6.s390x.rpm
kernel-headers-2.6.32-573.38.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.38.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.38.1.el6.s390x.rpm
perf-2.6.32-573.38.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.38.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.38.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.38.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.38.1.el6.x86_64.rpm
perf-2.6.32-573.38.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.38.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm
python-perf-2.6.32-573.38.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.38.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm
python-perf-2.6.32-573.38.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.38.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.38.1.el6.s390x.rpm
python-perf-2.6.32-573.38.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.38.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm
python-perf-2.6.32-573.38.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.38.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7117
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Tue Jan 10 21:08:21 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jan 2017 21:08:21 +0000
Subject: [RHSA-2017:0036-01] Important: kernel security and bug fix update
Message-ID: <201701102108.v0AL8M80017815@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2017:0036-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0036.html
Issue date:        2017-01-10
CVE Names:         CVE-2016-4998 CVE-2016-6828 CVE-2016-7117
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v.
6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)

* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root; however, some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)

* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)

Bug Fix(es):

* When parallel NFS returned a file layout, a kernel crash sometimes occurred. This update removes the call to the BUG_ON() function from a code path of a client that returns the file layout. As a result, the kernel no longer crashes in the described situation.
(BZ#1385480)

* When a guest virtual machine (VM) on Microsoft Hyper-V was set to crash on a Nonmaskable Interrupt (NMI) that was injected from the host, this VM became unresponsive and did not create the vmcore dump file. This update applies a set of patches to the Virtual Machine Bus kernel driver (hv_vmbus) that fix this bug. As a result, the VM now first creates and saves the vmcore dump file and then reboots. (BZ#1385482)

* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache occasionally showed incorrect values. This update fixes the DST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct values. (BZ#1391974)

* When using the ixgbe driver and the software Fibre Channel over Ethernet (FCoE) stack, suboptimal performance in some cases occurred on systems with a large number of CPUs. This update fixes the fc_exch_alloc() function to try all the available exchange managers in the list for an available exchange ID. This change avoids failing allocations, which previously led to the host busy status. (BZ#1392818)

* When the vmwgfx kernel module loads, it overrides the boot resolution automatically. Consequently, users were not able to change the resolution by manually setting the kernel's 'vga=' parameter in the /boot/grub/grub.conf file. This update adds the 'nomodeset' parameter, which can be set in the /boot/grub/grub.conf file. The 'nomodeset' parameter allows users to prevent the vmwgfx driver from loading. As a result, the setting of the 'vga=' parameter works as expected when vmwgfx does not load. (BZ#1392875)

* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based systems, Desktop Management Interface (DMI) information, which is referenced by several applications, such as NEC server's memory RAS utility, was missing entries in the sysfs virtual file system. This update fixes the underlying source code, and sysfs now shows the DMI information as expected.
(BZ#1393464)

* Previously, bonding mode active backup and the propagation of the media access control (MAC) address to a VLAN interface did not work in Red Hat Enterprise Linux 6.8 when the fail_over_mac bonding parameter was set to fail_over_mac=active. With this update, the underlying source code has been fixed so that the VLANs continue inheriting the MAC address of the active physical interface until the VLAN MAC address is explicitly set to any value. As a result, IPv6 EUI64 addresses for the VLAN can reflect any changes to the MAC address of the physical interface, and Duplicate Address Detection (DAD) behaves as expected. (BZ#1396479)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1349886 - CVE-2016-4998 kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt
1367091 - CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue
1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source:
kernel-2.6.32-642.13.1.el6.src.rpm

i386:
kernel-2.6.32-642.13.1.el6.i686.rpm
kernel-debug-2.6.32-642.13.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm
kernel-devel-2.6.32-642.13.1.el6.i686.rpm
kernel-headers-2.6.32-642.13.1.el6.i686.rpm
perf-2.6.32-642.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.13.1.el6.noarch.rpm
kernel-doc-2.6.32-642.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.13.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.13.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.13.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.13.1.el6.x86_64.rpm
perf-2.6.32-642.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6):

i386:
kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm
python-perf-2.6.32-642.13.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
python-perf-2.6.32-642.13.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-642.13.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-642.13.1.el6.noarch.rpm
kernel-doc-2.6.32-642.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-642.13.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debug-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-642.13.1.el6.i686.rpm
kernel-debug-devel-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm
kernel-devel-2.6.32-642.13.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.13.1.el6.x86_64.rpm
perf-2.6.32-642.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6): x86_64: kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm python-perf-2.6.32-642.13.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-642.13.1.el6.src.rpm i386: kernel-2.6.32-642.13.1.el6.i686.rpm kernel-debug-2.6.32-642.13.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm kernel-devel-2.6.32-642.13.1.el6.i686.rpm kernel-headers-2.6.32-642.13.1.el6.i686.rpm perf-2.6.32-642.13.1.el6.i686.rpm perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.13.1.el6.noarch.rpm kernel-doc-2.6.32-642.13.1.el6.noarch.rpm kernel-firmware-2.6.32-642.13.1.el6.noarch.rpm ppc64: kernel-2.6.32-642.13.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-642.13.1.el6.ppc64.rpm kernel-debug-2.6.32-642.13.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-642.13.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.13.1.el6.ppc64.rpm kernel-devel-2.6.32-642.13.1.el6.ppc64.rpm kernel-headers-2.6.32-642.13.1.el6.ppc64.rpm perf-2.6.32-642.13.1.el6.ppc64.rpm perf-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm s390x: kernel-2.6.32-642.13.1.el6.s390x.rpm kernel-debug-2.6.32-642.13.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.s390x.rpm kernel-debug-devel-2.6.32-642.13.1.el6.s390x.rpm kernel-debuginfo-2.6.32-642.13.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.13.1.el6.s390x.rpm kernel-devel-2.6.32-642.13.1.el6.s390x.rpm 
kernel-headers-2.6.32-642.13.1.el6.s390x.rpm kernel-kdump-2.6.32-642.13.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.13.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-642.13.1.el6.s390x.rpm perf-2.6.32-642.13.1.el6.s390x.rpm perf-debuginfo-2.6.32-642.13.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.s390x.rpm x86_64: kernel-2.6.32-642.13.1.el6.x86_64.rpm kernel-debug-2.6.32-642.13.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.13.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm kernel-devel-2.6.32-642.13.1.el6.x86_64.rpm kernel-headers-2.6.32-642.13.1.el6.x86_64.rpm perf-2.6.32-642.13.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm python-perf-2.6.32-642.13.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.13.1.el6.ppc64.rpm perf-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm python-perf-2.6.32-642.13.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-642.13.1.el6.s390x.rpm kernel-debuginfo-2.6.32-642.13.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.13.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.13.1.el6.s390x.rpm perf-debuginfo-2.6.32-642.13.1.el6.s390x.rpm python-perf-2.6.32-642.13.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm python-perf-2.6.32-642.13.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: kernel-2.6.32-642.13.1.el6.src.rpm i386: kernel-2.6.32-642.13.1.el6.i686.rpm kernel-debug-2.6.32-642.13.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm kernel-devel-2.6.32-642.13.1.el6.i686.rpm kernel-headers-2.6.32-642.13.1.el6.i686.rpm perf-2.6.32-642.13.1.el6.i686.rpm perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.13.1.el6.noarch.rpm kernel-doc-2.6.32-642.13.1.el6.noarch.rpm kernel-firmware-2.6.32-642.13.1.el6.noarch.rpm x86_64: kernel-2.6.32-642.13.1.el6.x86_64.rpm kernel-debug-2.6.32-642.13.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.13.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm kernel-devel-2.6.32-642.13.1.el6.x86_64.rpm kernel-headers-2.6.32-642.13.1.el6.x86_64.rpm perf-2.6.32-642.13.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.13.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.13.1.el6.i686.rpm perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm python-perf-2.6.32-642.13.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm python-perf-2.6.32-642.13.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.13.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4998 https://access.redhat.com/security/cve/CVE-2016-6828 https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
From bugzilla at redhat.com Wed Jan 11 08:53:33 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jan 2017 08:53:33 +0000
Subject: [RHSA-2017:0057-01] Critical: flash-plugin security update
Message-ID: <201701110853.v0B8rZ1a026406@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2017:0057-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0057.html
Issue date:        2017-01-11
CVE Names:         CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928
                   CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933
                   CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937
                   CVE-2017-2938
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 24.0.0.194.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1411929 - CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928 CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933 CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937 CVE-2017-2938 flash-plugin: multiple code execution issues fixed in APSB17-02

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-24.0.0.194-1.el6_8.i686.rpm

x86_64:
flash-plugin-24.0.0.194-1.el6_8.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-24.0.0.194-1.el6_8.i686.rpm

x86_64:
flash-plugin-24.0.0.194-1.el6_8.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-24.0.0.194-1.el6_8.i686.rpm

x86_64:
flash-plugin-24.0.0.194-1.el6_8.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2017-2925
https://access.redhat.com/security/cve/CVE-2017-2926
https://access.redhat.com/security/cve/CVE-2017-2927
https://access.redhat.com/security/cve/CVE-2017-2928
https://access.redhat.com/security/cve/CVE-2017-2930
https://access.redhat.com/security/cve/CVE-2017-2931
https://access.redhat.com/security/cve/CVE-2017-2932
https://access.redhat.com/security/cve/CVE-2017-2933
https://access.redhat.com/security/cve/CVE-2017-2934
https://access.redhat.com/security/cve/CVE-2017-2935
https://access.redhat.com/security/cve/CVE-2017-2936
https://access.redhat.com/security/cve/CVE-2017-2937
https://access.redhat.com/security/cve/CVE-2017-2938
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Wed Jan 11 16:32:40 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jan 2017 11:32:40 -0500
Subject: [RHSA-2017:0059-01] Moderate: Red Hat Mobile Application Platform 4.2.1 Security Update - SDKs and RPMs
Message-ID: <201701111632.v0BGWefq016069@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Mobile Application Platform 4.2.1 Security Update - SDKs and RPMs
Advisory ID:       RHSA-2017:0059-01
Product:           Red Hat Mobile Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:0059
Issue date:        2017-01-11
Cross references:  RHSA-2016:25626
CVE Names:         CVE-2016-8704 CVE-2016-8705
=====================================================================

1. Summary:

Updated packages that provide Red Hat Mobile Application Platform 4.2.1, fix several bugs, and add various enhancements are now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Mobile Application Platform 4.2 - noarch

3. Description:

Red Hat Mobile Application Platform (RHMAP) 4.2 is delivered as a set of Docker-formatted container images. In addition to the images, several components are delivered as RPMs:

* OpenShift templates used to deploy an RHMAP Core and MBaaS

* A diagnostic tool called 'fh-system-dump-tool', which can be used to collect information about the RHMAP cluster in case of problems

The following RPMs are included in the RHMAP container images, and are provided here only for completeness:

* The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image.

* PhantomJS, a headless WebKit scriptable with a JavaScript API, is installed inside the MBaaS and Supercore container images.

* 'mod_authnz_external', an Apache module used for authentication, is installed inside the httpd container image.

A ZIP package containing client SDKs is also delivered as an optional download. The same ZIP file is also provided inside the 'rhmap42/fh-sdks' container image.

This release serves as an update for Red Hat Mobile Application Platform 4.2.0. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.2.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8704)

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8705)

4. Solution:

A link to download the ZIP file and RPM packages provided by this update can be found in the references section of this errata.

5. Bugs fixed (https://bugzilla.redhat.com/):

1390510 - CVE-2016-8704 memcached: Server append/prepend remote code execution
1390511 - CVE-2016-8705 memcached: Server update remote code execution

6. JIRA issues fixed (https://issues.jboss.org/):

RHMAP-11023 - Build RPM containing MBaaS and Core templates for RHMAP 4.2.1

7. Package List:

Red Hat Mobile Application Platform 4.2:

Source:
rhmap-fh-openshift-templates-1.0.0-5.el7.src.rpm

noarch:
rhmap-fh-openshift-templates-1.0.0-5.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2016-8704
https://access.redhat.com/security/cve/CVE-2016-8705
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/downloads/content/316/

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
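As an added example (not part of these advisories or of any Red Hat tooling), the following Python parses the plain-text RHSA layout that every message in this archive uses: the header block between the two rules, the wrapped "CVE Names" field, and the "Bugs fixed" lines, and then checks that every CVE named in the header is tracked by at least one Bugzilla entry, which is the bookkeeping a SOC ingesting these mails relies on. The sample advisory text is constructed from the RHMAP 4.2.1 advisory above (with the CVE list re-wrapped onto two lines to exercise continuation handling); the Bug/Advisory classes and function names are my own.

```python
"""Parse the plain-text Red Hat Security Advisory (RHSA) layout used in these
mailing-list posts and cross-check the CVE bookkeeping between its sections."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample: the header block and "Bugs fixed" section of
# RHSA-2017:0059-01 as posted above, in the advisory's normal line layout.
SAMPLE_ADVISORY = """\
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Mobile Application Platform 4.2.1 Security Update - SDKs and RPMs
Advisory ID:       RHSA-2017:0059-01
Product:           Red Hat Mobile Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:0059
Issue date:        2017-01-11
Cross references:  RHSA-2016:25626
CVE Names:         CVE-2016-8704
                   CVE-2016-8705
=====================================================================

1. Summary:

Updated packages that provide Red Hat Mobile Application Platform 4.2.1 are now available.

5. Bugs fixed (https://bugzilla.redhat.com/):

1390510 - CVE-2016-8704 memcached: Server append/prepend remote code execution
1390511 - CVE-2016-8705 memcached: Server update remote code execution

6. JIRA issues fixed (https://issues.jboss.org/):

RHMAP-11023 - Build RPM containing MBaaS and Core templates for RHMAP 4.2.1
"""

# Same text with one Bugzilla line dropped, to exercise the consistency check.
SAMPLE_MISSING_BUG = SAMPLE_ADVISORY.replace(
    "1390511 - CVE-2016-8705 memcached: Server update remote code execution\n", "")

BANNER_RE = re.compile(r"^=+\n(.*?)^=+$", re.M | re.S)    # block between the two rules
FIELD_RE = re.compile(r"^([A-Za-z ]+):[ \t]+(.*)$", re.M)  # "Advisory ID:   RHSA-..."
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
BUG_LINE_RE = re.compile(r"^(\d+) - (.*)$", re.M)          # "1390510 - CVE-... title"


@dataclass
class Bug:
    bug_id: str
    cves: Set[str]
    title: str

    @property
    def url(self) -> str:
        return f"https://bugzilla.redhat.com/show_bug.cgi?id={self.bug_id}"


@dataclass
class Advisory:
    advisory_id: str
    severity: str
    synopsis: str
    product: str
    issue_date: str
    cves: List[str]
    bugs: Dict[str, Bug] = field(default_factory=dict)


def parse_advisory(text: str) -> Advisory:
    m = BANNER_RE.search(text)
    if m is None:
        raise ValueError("no advisory header block found")
    header = m.group(1)
    fields = {k.strip(): v.strip() for k, v in FIELD_RE.findall(header)}
    synopsis = fields["Synopsis"]
    severity = synopsis.split(":", 1)[0].strip()  # "Moderate: ..." -> "Moderate"
    # Take CVEs from the whole header block: long "CVE Names:" lists wrap onto
    # indented continuation lines that carry no field name.
    cves = CVE_RE.findall(header)
    bugs: Dict[str, Bug] = {}
    for bug_id, rest in BUG_LINE_RE.findall(text):
        # A single Bugzilla entry may cover several CVEs (see the flash-plugin
        # advisory); the title is whatever follows the CVE identifiers.
        bugs[bug_id] = Bug(bug_id, set(CVE_RE.findall(rest)), CVE_RE.sub("", rest).strip())
    return Advisory(fields["Advisory ID"], severity, synopsis, fields["Product"],
                    fields["Issue date"], cves, bugs)


def unaccounted_cves(adv: Advisory) -> Set[str]:
    """CVEs named in the header that no Bugzilla entry references."""
    covered: Set[str] = set().union(*(b.cves for b in adv.bugs.values()))
    return set(adv.cves) - covered


def bug_urls_for(adv: Advisory, cve: str) -> List[str]:
    """Bugzilla URLs tracking one CVE, in advisory order."""
    return [b.url for b in adv.bugs.values() if cve in b.cves]


if __name__ == "__main__":
    adv = parse_advisory(SAMPLE_ADVISORY)
    print(adv.advisory_id, adv.severity, adv.cves)
    for b in adv.bugs.values():
        print(" ", b.bug_id, sorted(b.cves), b.title, b.url)
    print("unaccounted:", unaccounted_cves(parse_advisory(SAMPLE_MISSING_BUG)))
```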
From bugzilla at redhat.com Fri Jan 13 07:43:16 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 13 Jan 2017 07:43:16 +0000
Subject: [RHSA-2017:0061-01] Important: java-1.6.0-openjdk security update
Message-ID: <201701130743.v0D7hHIb006864@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2017:0061-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0061.html
Issue date:        2017-01-12
CVE Names:         CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582
                   CVE-2016-5597
=====================================================================

1. Summary:

An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v.
6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt the virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)

* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make the victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)

* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, the MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. The MD5 hash algorithm is expected to be disabled by default in future updates. A newly introduced security property, jdk.jar.disabledAlgorithms, can be used to control the set of disabled algorithms.
* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)

* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if the proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling an HTTPS connection through an HTTP proxy. The newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385402 - CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)
1385544 - CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
1385714 - CVE-2016-5554 OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
1385723 - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
1386103 - CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5542
https://access.redhat.com/security/cve/CVE-2016-5554
https://access.redhat.com/security/cve/CVE-2016-5573
https://access.redhat.com/security/cve/CVE-2016-5582
https://access.redhat.com/security/cve/CVE-2016-5597
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

From bugzilla at redhat.com Mon Jan 16 06:47:46 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Jan 2017 06:47:46 +0000
Subject: [RHSA-2017:0062-01] Important: bind security update
Message-ID: <201701160647.v0G6llWQ023576@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2017:0062-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0062.html
Issue date:        2017-01-16
CVE Names:         CVE-2016-9131 CVE-2016-9147 CVE-2016-9444
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131) * A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) * A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444) Red Hat would like to thank ISC for reporting these issues. 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1411348 - CVE-2016-9131 bind: assertion failure while processing response to an ANY query 1411367 - CVE-2016-9147 bind: assertion failure while handling a query response containing inconsistent DNSSEC information 1411377 - CVE-2016-9444 bind: assertion failure while handling an unusually-formed DS record response 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.9.4-38.el7_3.1.src.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: bind-9.9.4-38.el7_3.1.src.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: bind-9.9.4-38.el7_3.1.src.rpm aarch64: bind-9.9.4-38.el7_3.1.aarch64.rpm bind-chroot-9.9.4-38.el7_3.1.aarch64.rpm bind-debuginfo-9.9.4-38.el7_3.1.aarch64.rpm bind-libs-9.9.4-38.el7_3.1.aarch64.rpm bind-libs-lite-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.aarch64.rpm bind-utils-9.9.4-38.el7_3.1.aarch64.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm ppc64: bind-9.9.4-38.el7_3.1.ppc64.rpm bind-chroot-9.9.4-38.el7_3.1.ppc64.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc64.rpm bind-libs-9.9.4-38.el7_3.1.ppc.rpm bind-libs-9.9.4-38.el7_3.1.ppc64.rpm bind-libs-lite-9.9.4-38.el7_3.1.ppc.rpm bind-libs-lite-9.9.4-38.el7_3.1.ppc64.rpm bind-utils-9.9.4-38.el7_3.1.ppc64.rpm ppc64le: bind-9.9.4-38.el7_3.1.ppc64le.rpm bind-chroot-9.9.4-38.el7_3.1.ppc64le.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc64le.rpm bind-libs-9.9.4-38.el7_3.1.ppc64le.rpm bind-libs-lite-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.ppc64le.rpm bind-utils-9.9.4-38.el7_3.1.ppc64le.rpm s390x: bind-9.9.4-38.el7_3.1.s390x.rpm bind-chroot-9.9.4-38.el7_3.1.s390x.rpm bind-debuginfo-9.9.4-38.el7_3.1.s390.rpm bind-debuginfo-9.9.4-38.el7_3.1.s390x.rpm bind-libs-9.9.4-38.el7_3.1.s390.rpm bind-libs-9.9.4-38.el7_3.1.s390x.rpm bind-libs-lite-9.9.4-38.el7_3.1.s390.rpm bind-libs-lite-9.9.4-38.el7_3.1.s390x.rpm bind-utils-9.9.4-38.el7_3.1.s390x.rpm x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm 
bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: bind-debuginfo-9.9.4-38.el7_3.1.aarch64.rpm bind-devel-9.9.4-38.el7_3.1.aarch64.rpm bind-lite-devel-9.9.4-38.el7_3.1.aarch64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.aarch64.rpm bind-sdb-9.9.4-38.el7_3.1.aarch64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.aarch64.rpm ppc64: bind-debuginfo-9.9.4-38.el7_3.1.ppc.rpm bind-debuginfo-9.9.4-38.el7_3.1.ppc64.rpm bind-devel-9.9.4-38.el7_3.1.ppc.rpm bind-devel-9.9.4-38.el7_3.1.ppc64.rpm bind-lite-devel-9.9.4-38.el7_3.1.ppc.rpm bind-lite-devel-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.ppc.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.ppc.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.ppc64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.ppc64.rpm bind-sdb-9.9.4-38.el7_3.1.ppc64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.ppc64.rpm ppc64le: bind-debuginfo-9.9.4-38.el7_3.1.ppc64le.rpm bind-devel-9.9.4-38.el7_3.1.ppc64le.rpm bind-lite-devel-9.9.4-38.el7_3.1.ppc64le.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.ppc64le.rpm bind-sdb-9.9.4-38.el7_3.1.ppc64le.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.ppc64le.rpm s390x: bind-debuginfo-9.9.4-38.el7_3.1.s390.rpm bind-debuginfo-9.9.4-38.el7_3.1.s390x.rpm bind-devel-9.9.4-38.el7_3.1.s390.rpm bind-devel-9.9.4-38.el7_3.1.s390x.rpm bind-lite-devel-9.9.4-38.el7_3.1.s390.rpm bind-lite-devel-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.s390.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.s390.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.s390x.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.s390x.rpm bind-sdb-9.9.4-38.el7_3.1.s390x.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.s390x.rpm x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm 
bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.9.4-38.el7_3.1.src.rpm noarch: bind-license-9.9.4-38.el7_3.1.noarch.rpm x86_64: bind-9.9.4-38.el7_3.1.x86_64.rpm bind-chroot-9.9.4-38.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-9.9.4-38.el7_3.1.i686.rpm bind-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-38.el7_3.1.i686.rpm bind-libs-lite-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-libs-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-38.el7_3.1.x86_64.rpm bind-utils-9.9.4-38.el7_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bind-debuginfo-9.9.4-38.el7_3.1.i686.rpm bind-debuginfo-9.9.4-38.el7_3.1.x86_64.rpm bind-devel-9.9.4-38.el7_3.1.i686.rpm bind-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-38.el7_3.1.i686.rpm bind-lite-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-9.9.4-38.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-38.el7_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-9131 https://access.redhat.com/security/cve/CVE-2016-9147 https://access.redhat.com/security/cve/CVE-2016-9444 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01439 https://kb.isc.org/article/AA-01440 https://kb.isc.org/article/AA-01441 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfGyBXlSAg2UNWIIRAg/SAJ45ecczuo+Yuzc0OahM8IomRC9MXgCfVOUh wNFq3vjHxvFyLC9ylB2kwIk= =wIRr -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 16 06:49:32 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Jan 2017 06:49:32 +0000 Subject: [RHSA-2017:0063-01] Important: bind security update Message-ID: <201701160649.v0G6nY9h012513@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2017:0063-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0063.html Issue date: 2017-01-16 CVE Names: CVE-2016-9147 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 
6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) Red Hat would like to thank ISC for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1411367 - CVE-2016-9147 bind: assertion failure while handling a query response containing inconsistent DNSSEC information 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: bind-9.3.6-25.P1.el5_11.12.src.rpm i386: bind-9.3.6-25.P1.el5_11.12.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.i386.rpm bind-libs-9.3.6-25.P1.el5_11.12.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.12.i386.rpm bind-utils-9.3.6-25.P1.el5_11.12.i386.rpm x86_64: bind-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.12.i386.rpm bind-libs-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.12.x86_64.rpm Red Hat Enterprise Linux Desktop Workstation (v. 5 client): Source: bind-9.3.6-25.P1.el5_11.12.src.rpm i386: bind-chroot-9.3.6-25.P1.el5_11.12.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.i386.rpm bind-devel-9.3.6-25.P1.el5_11.12.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.12.i386.rpm x86_64: bind-chroot-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.12.i386.rpm bind-devel-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.12.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: bind-9.3.6-25.P1.el5_11.12.src.rpm i386: bind-9.3.6-25.P1.el5_11.12.i386.rpm bind-chroot-9.3.6-25.P1.el5_11.12.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.i386.rpm bind-devel-9.3.6-25.P1.el5_11.12.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.i386.rpm bind-libs-9.3.6-25.P1.el5_11.12.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.12.i386.rpm bind-utils-9.3.6-25.P1.el5_11.12.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.12.i386.rpm ia64: bind-9.3.6-25.P1.el5_11.12.ia64.rpm bind-chroot-9.3.6-25.P1.el5_11.12.ia64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.ia64.rpm bind-devel-9.3.6-25.P1.el5_11.12.ia64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.ia64.rpm bind-libs-9.3.6-25.P1.el5_11.12.i386.rpm bind-libs-9.3.6-25.P1.el5_11.12.ia64.rpm bind-sdb-9.3.6-25.P1.el5_11.12.ia64.rpm bind-utils-9.3.6-25.P1.el5_11.12.ia64.rpm caching-nameserver-9.3.6-25.P1.el5_11.12.ia64.rpm ppc: bind-9.3.6-25.P1.el5_11.12.ppc.rpm bind-chroot-9.3.6-25.P1.el5_11.12.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.ppc64.rpm bind-devel-9.3.6-25.P1.el5_11.12.ppc.rpm bind-devel-9.3.6-25.P1.el5_11.12.ppc64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.ppc.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.ppc64.rpm bind-libs-9.3.6-25.P1.el5_11.12.ppc.rpm bind-libs-9.3.6-25.P1.el5_11.12.ppc64.rpm bind-sdb-9.3.6-25.P1.el5_11.12.ppc.rpm bind-utils-9.3.6-25.P1.el5_11.12.ppc.rpm caching-nameserver-9.3.6-25.P1.el5_11.12.ppc.rpm s390x: bind-9.3.6-25.P1.el5_11.12.s390x.rpm bind-chroot-9.3.6-25.P1.el5_11.12.s390x.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.s390.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.s390x.rpm bind-devel-9.3.6-25.P1.el5_11.12.s390.rpm bind-devel-9.3.6-25.P1.el5_11.12.s390x.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.s390.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.s390x.rpm bind-libs-9.3.6-25.P1.el5_11.12.s390.rpm bind-libs-9.3.6-25.P1.el5_11.12.s390x.rpm bind-sdb-9.3.6-25.P1.el5_11.12.s390x.rpm 
bind-utils-9.3.6-25.P1.el5_11.12.s390x.rpm caching-nameserver-9.3.6-25.P1.el5_11.12.s390x.rpm x86_64: bind-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-chroot-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.12.i386.rpm bind-devel-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.12.i386.rpm bind-libs-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.12.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.12.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.12.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: bind-9.8.2-0.47.rc1.el6_8.4.src.rpm i386: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.i686.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: bind-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.i686.rpm x86_64: bind-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: bind-9.8.2-0.47.rc1.el6_8.4.src.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: bind-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: bind-9.8.2-0.47.rc1.el6_8.4.src.rpm i386: bind-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.i686.rpm ppc64: bind-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.ppc.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.ppc.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm s390x: bind-9.8.2-0.47.rc1.el6_8.4.s390x.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.s390x.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.s390.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.s390x.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.s390.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.s390x.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.s390x.rpm x86_64: bind-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.i686.rpm ppc64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.ppc.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.ppc.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.s390.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.s390x.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.s390.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.s390x.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: bind-9.8.2-0.47.rc1.el6_8.4.src.rpm i386: bind-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.i686.rpm x86_64: bind-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-chroot-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-libs-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-utils-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.i686.rpm x86_64: bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-debuginfo-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.i686.rpm bind-devel-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm bind-sdb-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-9147 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01440 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfGzoXlSAg2UNWIIRApCZAKC49veEJxDDyT6s9rEqW/MeItCNTgCfagSn V3oDcJx/6mxYPbhtkfrQj0M= =jzRy -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 16 06:50:02 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Jan 2017 06:50:02 +0000 Subject: [RHSA-2017:0064-01] Important: bind97 security update Message-ID: <201701160650.v0G6o3fS002797@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind97 security update Advisory ID: RHSA-2017:0064-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0064.html Issue date: 2017-01-16 CVE Names: CVE-2016-9147 ===================================================================== 1. Summary: An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) Red Hat would like to thank ISC for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1411367 - CVE-2016-9147 bind: assertion failure while handling a query response containing inconsistent DNSSEC information 6. Package List: Red Hat Enterprise Linux Desktop Workstation (v. 5 client): Source: bind97-9.7.0-21.P2.el5_11.10.src.rpm i386: bind97-9.7.0-21.P2.el5_11.10.i386.rpm bind97-chroot-9.7.0-21.P2.el5_11.10.i386.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.i386.rpm bind97-devel-9.7.0-21.P2.el5_11.10.i386.rpm bind97-libs-9.7.0-21.P2.el5_11.10.i386.rpm bind97-utils-9.7.0-21.P2.el5_11.10.i386.rpm x86_64: bind97-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-chroot-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.i386.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-devel-9.7.0-21.P2.el5_11.10.i386.rpm bind97-devel-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-libs-9.7.0-21.P2.el5_11.10.i386.rpm bind97-libs-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-utils-9.7.0-21.P2.el5_11.10.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: bind97-9.7.0-21.P2.el5_11.10.src.rpm i386: bind97-9.7.0-21.P2.el5_11.10.i386.rpm bind97-chroot-9.7.0-21.P2.el5_11.10.i386.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.i386.rpm bind97-devel-9.7.0-21.P2.el5_11.10.i386.rpm bind97-libs-9.7.0-21.P2.el5_11.10.i386.rpm bind97-utils-9.7.0-21.P2.el5_11.10.i386.rpm ia64: bind97-9.7.0-21.P2.el5_11.10.ia64.rpm bind97-chroot-9.7.0-21.P2.el5_11.10.ia64.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.ia64.rpm bind97-devel-9.7.0-21.P2.el5_11.10.ia64.rpm bind97-libs-9.7.0-21.P2.el5_11.10.ia64.rpm bind97-utils-9.7.0-21.P2.el5_11.10.ia64.rpm ppc: bind97-9.7.0-21.P2.el5_11.10.ppc.rpm bind97-chroot-9.7.0-21.P2.el5_11.10.ppc.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.ppc.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.ppc64.rpm bind97-devel-9.7.0-21.P2.el5_11.10.ppc.rpm bind97-devel-9.7.0-21.P2.el5_11.10.ppc64.rpm bind97-libs-9.7.0-21.P2.el5_11.10.ppc.rpm bind97-libs-9.7.0-21.P2.el5_11.10.ppc64.rpm bind97-utils-9.7.0-21.P2.el5_11.10.ppc.rpm s390x: bind97-9.7.0-21.P2.el5_11.10.s390x.rpm bind97-chroot-9.7.0-21.P2.el5_11.10.s390x.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.s390.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.s390x.rpm bind97-devel-9.7.0-21.P2.el5_11.10.s390.rpm bind97-devel-9.7.0-21.P2.el5_11.10.s390x.rpm bind97-libs-9.7.0-21.P2.el5_11.10.s390.rpm bind97-libs-9.7.0-21.P2.el5_11.10.s390x.rpm bind97-utils-9.7.0-21.P2.el5_11.10.s390x.rpm x86_64: bind97-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-chroot-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.i386.rpm bind97-debuginfo-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-devel-9.7.0-21.P2.el5_11.10.i386.rpm bind97-devel-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-libs-9.7.0-21.P2.el5_11.10.i386.rpm bind97-libs-9.7.0-21.P2.el5_11.10.x86_64.rpm bind97-utils-9.7.0-21.P2.el5_11.10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2016-9147 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01440 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfG0SXlSAg2UNWIIRAqMKAKC1P/1mupHVpR4P115n2DanOpYOWgCdFHt+ 4n6D05VwtJuRLh+LNl5fMhQ= =+GMD -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 17 09:23:22 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 17 Jan 2017 09:23:22 +0000 Subject: [RHSA-2017:0065-01] Important: kernel security update Message-ID: <201701170923.v0H9NOaB007493@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2017:0065-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0065.html Issue date: 2017-01-17 CVE Names: CVE-2016-7117 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
kernel-2.6.32-431.77.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.77.1.el6.noarch.rpm
kernel-doc-2.6.32-431.77.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.77.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.77.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.77.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.77.1.el6.x86_64.rpm
perf-2.6.32-431.77.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.5):

Source:
kernel-2.6.32-431.77.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.77.1.el6.noarch.rpm
kernel-doc-2.6.32-431.77.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.77.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.77.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.77.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.77.1.el6.x86_64.rpm
perf-2.6.32-431.77.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
kernel-2.6.32-431.77.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.77.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
python-perf-2.6.32-431.77.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.5):

Source:
kernel-2.6.32-431.77.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.77.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm
python-perf-2.6.32-431.77.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.77.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7117
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYfeJtXlSAg2UNWIIRAtNNAJ9nV+3x9+l9Kp9ydyAXvUHvcA+y2ACdFhkS
v/OR3f7Vm/GoMtdmI9yEelk=
=cZ8o
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 17 19:18:53 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jan 2017 19:18:53 +0000
Subject: [RHSA-2017:0083-01] Low: qemu-kvm security and bug fix update
Message-ID: <201701171918.v0HJIv0v031953@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: qemu-kvm security and bug fix update
Advisory ID:       RHSA-2017:0083-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0083.html
Issue date:        2017-01-17
CVE Names:         CVE-2016-2857
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines.
The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)

Red Hat would like to thank Ling Liu (Qihoo 360 Inc.) for reporting this issue.

Bug Fix(es):

* Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring. (BZ#1393484)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1296567 - CVE-2016-2857 Qemu: net: out of bounds read in net_checksum_calculate()

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-126.el7_3.3.src.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-126.el7_3.3.src.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-126.el7_3.3.src.rpm

ppc64:
qemu-img-1.5.3-126.el7_3.3.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.3.ppc64.rpm

ppc64le:
qemu-img-1.5.3-126.el7_3.3.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.3.ppc64le.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-126.el7_3.3.src.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.3.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2857
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/security/updates/classification/#Low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYfm4IXlSAg2UNWIIRAqo2AKDBcem0HhMfiKIYWKl1mnXrIt1PhACfbk51
gD9g89JnjAZCvGffEdEMDsQ=
=FCGV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 17 19:20:37 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jan 2017 19:20:37 +0000
Subject: [RHSA-2017:0086-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201701171920.v0HJKdMf002824@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:0086-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0086.html
Issue date:        2017-01-17
CVE Names:         CVE-2016-6828 CVE-2016-7117 CVE-2016-9555
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)

* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)

* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB, potentially causing the system to crash. (CVE-2016-9555, Moderate)

Bug Fix(es):

* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)

* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)

* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)

* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)

* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot:

"Unknown Intel PCH (0xa149) detected."
"Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware."

The messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)

* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1367091 - CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue
1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path
1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb()

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-514.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm
kernel-doc-3.10.0-514.6.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm
perf-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-514.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm
kernel-doc-3.10.0-514.6.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm
perf-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-514.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm
kernel-doc-3.10.0-514.6.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.6.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.6.1.el7.ppc64.rpm
kernel-debug-3.10.0-514.6.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.6.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.6.1.el7.ppc64.rpm
kernel-devel-3.10.0-514.6.1.el7.ppc64.rpm
kernel-headers-3.10.0-514.6.1.el7.ppc64.rpm
kernel-tools-3.10.0-514.6.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.6.1.el7.ppc64.rpm
perf-3.10.0-514.6.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
python-perf-3.10.0-514.6.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-debug-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-devel-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-headers-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-tools-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.6.1.el7.ppc64le.rpm
perf-3.10.0-514.6.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
python-perf-3.10.0-514.6.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.6.1.el7.s390x.rpm
kernel-debug-3.10.0-514.6.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.6.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.6.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.6.1.el7.s390x.rpm
kernel-devel-3.10.0-514.6.1.el7.s390x.rpm
kernel-headers-3.10.0-514.6.1.el7.s390x.rpm
kernel-kdump-3.10.0-514.6.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.6.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.6.1.el7.s390x.rpm
perf-3.10.0-514.6.1.el7.s390x.rpm
perf-debuginfo-3.10.0-514.6.1.el7.s390x.rpm
python-perf-3.10.0-514.6.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm
perf-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.6.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.6.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.6.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-514.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm
kernel-doc-3.10.0-514.6.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm
perf-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.6.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6828
https://access.redhat.com/security/cve/CVE-2016-7117
https://access.redhat.com/security/cve/CVE-2016-9555
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2857831

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYfm50XlSAg2UNWIIRAmyQAJ94OnL9F0NIJ2FwETONhikS1ASVVgCeKwEP
v7tgVk7weRvbe4vZaHieogI=
=KiPw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 17 19:21:20 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jan 2017 19:21:20 +0000
Subject: [RHSA-2017:0091-01] Important: kernel-rt security and bug fix update
Message-ID: <201701171921.v0HJLMWV031435@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2017:0091-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0091.html
Issue date:        2017-01-17
CVE Names:         CVE-2016-6828 CVE-2016-7117 CVE-2016-9555
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.
(CVE-2016-7117, Important)

* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)

* A flaw was found in the Linux kernel's implementation of the SCTP protocol in which a remote attacker can trigger an out-of-bounds read with an offset of up to 64kB. This may panic the machine with a page-fault. (CVE-2016-9555, Moderate)

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-514.6.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1401863)

* Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected, enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400930)

* Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected, allowing proper operation of the networking card drivers. (BZ#1402837)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1367091 - CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue
1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path
1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb()
1400930 - RT kernel panics with dm-multipath enabled
1401863 - kernel-rt: update to the RHEL7.3.z batch#2 source tree

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-514.6.1.rt56.429.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.6.1.rt56.429.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-514.6.1.rt56.429.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.6.1.rt56.429.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-514.6.1.rt56.429.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6828
https://access.redhat.com/security/cve/CVE-2016-7117
https://access.redhat.com/security/cve/CVE-2016-9555
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYfm6nXlSAg2UNWIIRAr+vAJ9GhdVmsVpdSuJc1Zaw6o3KWhWbEQCgslY0
qdCkVre8wrFPBWXO1ifAYQc=
=mZEp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 17 19:22:15 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jan 2017 19:22:15 +0000
Subject: [RHSA-2017:0113-01] Important: kernel-rt security and bug fix update
Message-ID: <201701171922.v0HJMGw3004063@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2017:0113-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0113.html
Issue date:        2017-01-17
CVE Names:         CVE-2016-6828 CVE-2016-7117 CVE-2016-9555
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

The kernel-rt packages have been upgraded to version 3.10.0-514, which provides a number of security and bug fixes over the previous version. (BZ#1400193)

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code.
This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important) * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate) * A flaw was found in the Linux kernel's implementation of sctp protocol in which a remote attacker can trigger an out of bounds read with an offset of up to 64kB. This may panic the machine with a page-fault. (CVE-2016-9555, Moderate) Bug Fix(es): * Previously, console warnings from the real-time kernel were generated when a sleeping lock was acquired in atomic context. With this update, the code has been modified to not acquire a sleeping lock in this context. As a result, the console warnings are no longer generated. (BZ#1378982) * Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400305) * Previously, the kernel could sometimes panic due to a possible division by zero in the scheduler. This bug has been fixed by defining a new div64_ul() division function and correcting the affected calculation in the proc_sched_show_task() function. (BZ#1400975) * Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. 
Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected allowing proper operation of the networking card drivers. (BZ#1401779) Enhancement(s): * With this update, the CONFIG_SLUB_DEBUG and CONFIG_SLABINFO kernel configuration options are enabled in the real-time kernel. These options turn on SLUB allocator debugging and slab information tracking, which are helpful when investigating kernel memory allocation problems. (BZ#1357997) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1346444 - [mrg] update kernel-rt sources 1357997 - Enable CONFIG_SLUB_DEBUG and CONFIG_SLABINFO 1367091 - CVE-2016-6828 kernel: Use after free in tcp_xmit_retransmit_queue 1378982 - BUG: using smp_processor_id() in preemptible 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb() 1400193 - update the MRG 2.5.z 3.10 kernel-rt sources 1400305 - RT kernel panics with dm-multipath enabled [mrg] 1401779 - NIC hangs due to corrupt napi lists 6. 
Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.0-514.rt56.210.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-514.rt56.210.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-514.rt56.210.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.210.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-6828 https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/cve/CVE-2016-9555 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/2706661 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
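Every advisory on this page ends with a "6. Package List" section naming the fixed builds, and the question an operator actually has is whether the hosts are already at or past them. The following is an added example, not part of any Red Hat advisory or tool: it parses that section out of a trimmed excerpt of the kernel-rt advisory above, ports rpm's version-segment comparison so that a release such as 514.rt56.210.el6rt is ordered numerically rather than as a string, and reports every installed package that is still older than the fix. The installed inventory is constructed for the example (the versions are invented); on a real host it would come from `rpm -qa`, and for the kernel-rt advisory the running kernel (`uname -r`) has to be checked as well, since the advisory says a reboot is required. The same parser works unchanged on the docker, runc and Java advisories below.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Trimmed excerpt of RHSA-2017:0113 (kernel-rt) as printed on this page;
# only the header fields and package lines the checker reads are kept.
ADVISORY_TEXT = """\
Advisory ID:       RHSA-2017:0113-01
CVE Names:         CVE-2016-6828 CVE-2016-7117 CVE-2016-9555

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-514.rt56.210.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.rt56.210.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-514.rt56.210.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.rt56.210.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-514.rt56.210.el6rt.x86_64.rpm
"""

# Constructed host inventory in `rpm -qa` form (name-version-release.arch);
# the installed versions are invented for this example.
INSTALLED = [
    "kernel-rt-3.10.0-514.rt56.200.el6rt.x86_64",        # older release than the fix
    "kernel-rt-devel-3.10.0-514.rt56.210.el6rt.x86_64",  # already at the fixed build
    "kernel-rt-doc-3.10.0-327.rt56.194.el6rt.noarch",    # older upstream base as well
    "kernel-rt-firmware-3.10.0-514.rt56.210.el6rt.noarch",
    "bash-4.1.2-48.el6.x86_64",                          # not covered by the advisory
]

_SEG_CHAR = re.compile(r"[0-9A-Za-z~]")
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.

    Strings are walked as runs of digits or letters; digit runs compare as
    integers (so "210" > "21"), letter runs compare lexically, a digit run
    beats a letter run, and '~' sorts below everything, even the end of the
    string ("1.0~rc1" < "1.0"). Every other character is only a separator.
    The '^' marker of newer rpm releases is not handled here.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _SEG_CHAR.match(a[i]):
            i += 1
        while j < len(b) and not _SEG_CHAR.match(b[j]):
            j += 1
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if not tilde_a:
                return 1
            if not tilde_b:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        seg_a, seg_b = _SEGMENT.match(a, i), _SEGMENT.match(b, j)
        sa, sb = seg_a.group(), seg_b.group()
        i, j = seg_a.end(), seg_b.end()
        if sa.isdigit() != sb.isdigit():
            return 1 if sa.isdigit() else -1
        if sa.isdigit():
            cmp = (int(sa) > int(sb)) - (int(sa) < int(sb))
        else:
            cmp = (sa > sb) - (sa < sb)
        if cmp:
            return cmp
    # One side ran out of segments first: the side with segments left is newer.
    if i < len(a):
        return 1
    return -1 if j < len(b) else 0


def split_nvra(pkg: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).
    Names may contain dashes (kernel-rt, java-1.8.0-oracle-devel) but version and
    release never do, so splitting on the last two dashes is unambiguous."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def compare_vr(installed: Tuple[str, str], fixed: Tuple[str, str]) -> int:
    """Order (version, release) pairs the way rpm does (epochs assumed equal)."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


@dataclass
class Advisory:
    advisory_id: str = ""
    cves: List[str] = field(default_factory=list)
    # (name, arch) -> (version, release) of the fixed binary package
    fixed: Dict[Tuple[str, str], Tuple[str, str]] = field(default_factory=dict)


def parse_advisory(text: str) -> Advisory:
    """Read the advisory id, CVE list and fixed binary packages from RHSA text.
    The .src.rpm line is skipped: a host never has the source package installed."""
    adv = Advisory()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Advisory ID:"):
            adv.advisory_id = line.split(":", 1)[1].strip()
        elif line.startswith("CVE Names:"):
            adv.cves = line.split(":", 1)[1].split()
        elif line.endswith(".rpm") and not line.endswith(".src.rpm"):
            name, version, release, arch = split_nvra(line)
            adv.fixed[(name, arch)] = (version, release)
    return adv


def check_host(adv: Advisory, installed: List[str]) -> List[Tuple[str, str, str]]:
    """Return (name, installed_vr, fixed_vr) for each installed package the advisory
    covers that is still older than the fixed build. Packages the advisory does not
    list are ignored, as are listed packages that are not installed."""
    out = []
    for pkg in installed:
        name, version, release, arch = split_nvra(pkg)
        fixed = adv.fixed.get((name, arch))
        if fixed is not None and compare_vr((version, release), fixed) < 0:
            out.append((name, f"{version}-{release}", f"{fixed[0]}-{fixed[1]}"))
    return out


if __name__ == "__main__":
    adv = parse_advisory(ADVISORY_TEXT)
    print(f"{adv.advisory_id} fixes {', '.join(adv.cves)}")
    for name, have, want in check_host(adv, INSTALLED):
        print(f"UPDATE {name}: installed {have} < fixed {want}")
```

Fixed builds are keyed by (name, arch), so a noarch documentation package and the x86_64 kernel are matched independently. Epochs are not compared; none of the packages on this page carry one, but an inventory taken with `rpm -qa --qf '%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` would need the epoch stripped or compared first.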
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYfm7SXlSAg2UNWIIRAkrWAJoDaDrfp14M7PGi51A2nOTpHgDPiQCeIUkr
BgAeqcoqsN8UWczQYDnNjIw=
=77qN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 18 08:07:45 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Jan 2017 08:07:45 +0000
Subject: [RHSA-2017:0116-01] Moderate: docker security, bug fix, and enhancement update
Message-ID: <201701180807.v0I87lrA005985@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: docker security, bug fix, and enhancement update
Advisory ID: RHSA-2017:0116-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0116.html
Issue date: 2017-01-17
CVE Names: CVE-2016-9962
=====================================================================

1. Summary:

An update for docker is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - x86_64

3. Description:

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.

The following packages have been upgraded to a newer upstream version: docker (1.12.5). (BZ#1404298)

Security Fix(es):

* The runc component used by the `docker exec` feature of docker allowed additional container processes started via `docker exec` to be ptraced by the pid 1 of the container. This allows the main process of the container, if running as root, to gain low-level access to these new processes during initialization.
An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception. (CVE-2016-9962)

Red Hat would like to thank the Docker project for reporting this issue. Upstream acknowledges Aleksa Sarai (SUSE) and Tonis Tiigi (Docker) as the original reporters.

Bug Fix(es):

* Docker did not read the proxy variables from the environment when contacting registries. As a consequence, a user could not pull images when the system was configured to use a proxy. Docker has been fixed to read the proxy variables from the environment, and pulling images on a system that uses a proxy now works correctly. (BZ#1393816)

* Occasionally the docker-storage-setup service could start before the thin pool was ready, which caused it to fail. As a consequence, the docker daemon also failed. This bug has been fixed: docker-storage-setup now waits up to 60 seconds for the thin pool to be created, and this default timeout can be configured. As a result, docker and docker-storage-setup start correctly upon reboot. (BZ#1316786)

* Previously, the docker daemon's unit file was not supplying the userspace proxy path. As a consequence, containers that exposed ports could not be started. To fix this bug, the unit file was updated to pass the userspace proxy path option to the daemon start command, along with several other minor packaging fixes. As a result, containers that expose ports can now be started as expected. (BZ#1406460)

* Previously, the system CA (Certificate Authority) pool was excluded when the registry CA was used from the /etc/docker/certs.d/ directory.
As a consequence, pulling images failed with the following error:

Failed to push image: x509: certificate signed by unknown authority

This bug has been fixed: docker now reads the system CA pool correctly, and pulling images works again. (BZ#1400372)

* Previously, the docker daemon did not correctly handle the "--block-registry docker.io" option. As a consequence, docker allowed pulling images from docker.io even when "--block-registry docker.io" was set. This update fixes the handling of the option, and "--block-registry docker.io" now correctly blocks image pulling. (BZ#1395401)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1316786 - Docker can activate storage before LVM is ready, causing "Failed to start Docker Application Container Engine."
1341760 - docker should require package subscription-manager-plugin-container, not subscription-manager
1346206 - docker command overwrites DOCKER_CERT_PATH variable
1360195 - docker module at lower priority 100 with module at priority 400 when update and downgrade
1364238 - docker-1.12 regression: inconsistent exit codes in command-line flag processing
1373952 - [extras-rhel-7.3.0] selinux issues prevent docker.service from starting
1385924 - docker run --cgroup-parent : unexpected result for pid
1388585 - yum update to Red Hat docker 1.12 omits docker-storage EnvironmentFile entry from systemd unit
1389442 - docker-1.12 can not pull image:tag from brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888
1393816 - [1.12.3]docker didn't work behind proxy
1395401 - block-registry does not work for docker.io with docker 1.10
1399398 - Error starting daemon: Error initializing network controller: Error creating default \"bridge\" network: cannot create network docker0
1400228 - Ability to disable subscription-manager-into-containers host-wide
1400372 - System CA pool excluded when registry CA is used from /etc/docker
1403264 - systemctl start docker for docker-1.12.3-10.el7.x86_64 fails to start
1403270 - Upgrade to RHEL Atomic 7.3.1 breaks the sshd authentication via SSSD
1403370 - failed to install selinux policies from containers-selinux when installing docker 1.12
1403843 - Installing container-selinux-1.12.3-10.el7.x86_64 produces errors
1404298 - [extras-rhel-7.3.2] rebase docker to v1.12.4 + projectatomic patches
1404372 - docker-1.12: exec: "docker-proxy": executable file not found in $PATH.
1405306 - docker run with parameter "--privileged" get failed
1405464 - docker panic trying to 'atomic install' the openscap container
1405888 - container-selinux breaks anytime selinux-policy-targeted is updated
1405989 - Attempt to install latest docker fails due to /libexecdir/docker/sh dependency
1406446 - Default to no signatures verification in docker
1409531 - CVE-2016-9962 docker: insecure opening of file-descriptor allows privilege escalation
1410434 - Docker 1.12.5 and OpenShift 3.4.0.38 : Frequent unexpected EOF during push causing build failures
1412385 - [extras-rhel-7.3.2] selinux issues

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
docker-1.12.5-14.el7.src.rpm

x86_64:
container-selinux-1.12.5-14.el7.x86_64.rpm
docker-1.12.5-14.el7.x86_64.rpm
docker-client-1.12.5-14.el7.x86_64.rpm
docker-common-1.12.5-14.el7.x86_64.rpm
docker-logrotate-1.12.5-14.el7.x86_64.rpm
docker-lvm-plugin-1.12.5-14.el7.x86_64.rpm
docker-novolume-plugin-1.12.5-14.el7.x86_64.rpm
docker-rhel-push-plugin-1.12.5-14.el7.x86_64.rpm
docker-v1.10-migrator-1.12.5-14.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9962
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/cve-2016-9962

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYfyEUXlSAg2UNWIIRApDXAKCRBiBH+9wKesI08XZoIVTvu7DEdwCeNzMQ
IhQpU3X4wDJ68mkUTHh70KA=
=mDIf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 18 08:09:13 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Jan 2017 08:09:13 +0000
Subject: [RHSA-2017:0123-01] Moderate: docker-latest security, bug fix, and enhancement update
Message-ID: <201701180809.v0I89ECW027070@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: docker-latest security, bug fix, and enhancement update
Advisory ID: RHSA-2017:0123-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0123.html
Issue date: 2017-01-17
CVE Names: CVE-2016-9962
=====================================================================

1. Summary:

An update for docker-latest is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - x86_64

3. Description:

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, and self-sufficient container that will run virtually anywhere.

The following packages have been upgraded to a newer upstream version: docker-latest (1.12.5). (BZ#1404309)

Security Fix(es):

* The runc component used by the `docker exec` feature of docker allowed additional container processes started via `docker exec` to be ptraced by the pid 1 of the container.
This allows the main process of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception. (CVE-2016-9962)

Red Hat would like to thank the Docker project for reporting this issue. Upstream acknowledges Aleksa Sarai (SUSE) and Tonis Tiigi (Docker) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1402086 - Can't open '/path/to/dir': No such file or directory; volume still in use
1404309 - [extras-rhel-7.3.2] rebase docker-latest to v1.12.4 + projectatomic patches
1406500 - fork/exec .../docker-runc: no such file or directory
1409531 - CVE-2016-9962 docker: insecure opening of file-descriptor allows privilege escalation

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
docker-latest-1.12.5-14.el7.src.rpm

x86_64:
docker-client-latest-1.12.5-14.el7.x86_64.rpm
docker-latest-1.12.5-14.el7.x86_64.rpm
docker-latest-logrotate-1.12.5-14.el7.x86_64.rpm
docker-latest-v1.10-migrator-1.12.5-14.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2016-9962
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/cve-2016-9962

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYfyJgXlSAg2UNWIIRAnnrAJ0WipR3/8Utg6oSRT9+rA+qCJNBwACfdzre
5i8Y5oFQv6p1oD1EYBZRWLo=
=mgBp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 18 08:10:46 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Jan 2017 08:10:46 +0000
Subject: [RHSA-2017:0127-01] Moderate: runc security and bug fix update
Message-ID: <201701180810.v0I8Am5H021746@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: runc security and bug fix update
Advisory ID: RHSA-2017:0127-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0127.html
Issue date: 2017-01-17
CVE Names: CVE-2016-9962
=====================================================================

1. Summary:

An update for runc is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - x86_64

3. Description:

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides a container runtime.
Security Fix(es):

* The runc component used by the `docker exec` feature of docker allowed additional container processes started via `docker exec` to be ptraced by the pid 1 of the container. This allows the main process of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception. (CVE-2016-9962)

Red Hat would like to thank the Docker project for reporting this issue. Upstream acknowledges Aleksa Sarai (SUSE) and Tonis Tiigi (Docker) as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1409531 - CVE-2016-9962 docker: insecure opening of file-descriptor allows privilege escalation

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
runc-1.0.0-1.rc2.el7.src.rpm

x86_64:
runc-1.0.0-1.rc2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9962
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYfyLBXlSAg2UNWIIRAmorAJ4yKTxWYeAieLAWdRZ7EaIAEFyCigCgiplm ySKB7xuuqECCEuGgNAnnn2E= =MNoW -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 19 14:28:27 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Jan 2017 14:28:27 +0000 Subject: [RHSA-2017:0175-01] Critical: java-1.8.0-oracle security update Message-ID: <201701191428.v0JESUQd008421@lists01.pubmisc.prod.ext.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.8.0-oracle security update Advisory ID: RHSA-2017:0175-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0175.html Issue date: 2017-01-19 CVE Names: CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-8328 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3262 CVE-2017-3272 CVE-2017-3289 ===================================================================== 1. Summary: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 
7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 121. Security Fix(es): * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344) 1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104) 1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988) 1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147) 1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934) 1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705) 1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223) 1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743) 1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714) 1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728) 1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724) 1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802) 1414162 - CVE-2017-3262 Oracle JDK: unspecified vulnerability fixed in 8u121 (Java Mission Control) 1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment) 1414164 - CVE-2016-8328 Oracle JDK: unspecified vulnerability fixed in 8u121 (Java Mission Control) 6. 
Package List: Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.8.0-oracle-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el6_8.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.8.0-oracle-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el6_8.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation 6: i386: java-1.8.0-oracle-1.8.0.121-1jpp.1.el6_8.i686.rpm 
java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el6_8.i686.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el6_8.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el6_8.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 
7): x86_64: java-1.8.0-oracle-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.121-1jpp.1.el7_3.x86_64.rpm java-1.8.0-oracle-src-1.8.0.121-1jpp.1.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5546 https://access.redhat.com/security/cve/CVE-2016-5547 https://access.redhat.com/security/cve/CVE-2016-5548 https://access.redhat.com/security/cve/CVE-2016-5549 https://access.redhat.com/security/cve/CVE-2016-5552 https://access.redhat.com/security/cve/CVE-2016-8328 https://access.redhat.com/security/cve/CVE-2017-3231 https://access.redhat.com/security/cve/CVE-2017-3241 https://access.redhat.com/security/cve/CVE-2017-3252 https://access.redhat.com/security/cve/CVE-2017-3253 https://access.redhat.com/security/cve/CVE-2017-3259 https://access.redhat.com/security/cve/CVE-2017-3261 https://access.redhat.com/security/cve/CVE-2017-3262 https://access.redhat.com/security/cve/CVE-2017-3272 https://access.redhat.com/security/cve/CVE-2017-3289 https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
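The CVE-2016-2183 sentence in this advisory describes a demotion, not a removal: a suite on jdk.tls.legacyAlgorithms stays enabled and is still negotiated whenever the peer offers nothing the JRE prefers, so a client that only speaks 3DES keeps getting a 64-bit block cipher. The following is an added example, not code from Oracle, Red Hat or the advisory: it checks from inside a JVM whether 3DES is on the legacy list, whether it is on the disabled list, and which 3DES suites the default SSLContext still enables, and with `--disable` it goes beyond the advisory's mitigation by putting 3DES on jdk.tls.disabledAlgorithms so it is never negotiated. It assumes the property token for the 3DES suites is `3DES_EDE_CBC`, the name used in the JDK's java.security file; if your file spells it differently, change the constant. The same check applies to the 7u131 advisory below, which carries the identical mitigation.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

/**
 * Added example, not part of the advisory: report how this JRE treats the
 * 3DES suites demoted for CVE-2016-2183 (SWEET32) and, with "--disable",
 * refuse them outright instead of merely preferring other suites.
 */
public class Sweet32Check {

    // Token used in java.security for the 3DES suites (assumption: this is
    // the name 8u121 / 7u131 put on jdk.tls.legacyAlgorithms).
    static final String TRIPLE_DES = "3DES_EDE_CBC";

    static boolean isTripleDesSuite(String suite) {
        return suite.contains("3DES_EDE_CBC");
    }

    /** 3DES is "legacy": still enabled, used only when nothing better is shared. */
    static boolean tripleDesIsLegacy() {
        return listContains(Security.getProperty("jdk.tls.legacyAlgorithms"), TRIPLE_DES);
    }

    /** 3DES is disabled: never offered, never accepted. */
    static boolean tripleDesIsDisabled() {
        return listContains(Security.getProperty("jdk.tls.disabledAlgorithms"), TRIPLE_DES);
    }

    /** The 3DES suites the default SSLContext still enables; empty once disabled. */
    static List<String> enabledTripleDesSuites() throws Exception {
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        return Arrays.stream(enabled)
                     .filter(Sweet32Check::isTripleDesSuite)
                     .collect(Collectors.toList());
    }

    /**
     * Append 3DES to jdk.tls.disabledAlgorithms for this JVM. JSSE reads the
     * property when it initialises, so this must run before the first
     * SSLContext is created; the java.security file is the durable place for it.
     */
    static void disableTripleDes() {
        String current = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (listContains(current, TRIPLE_DES)) {
            return;
        }
        String updated = (current == null || current.trim().isEmpty())
                ? TRIPLE_DES
                : current + ", " + TRIPLE_DES;
        Security.setProperty("jdk.tls.disabledAlgorithms", updated);
    }

    // The security properties are comma-separated lists with optional spaces.
    private static boolean listContains(String csv, String token) {
        if (csv == null) {
            return false;
        }
        return Arrays.stream(csv.split(",")).map(String::trim).anyMatch(token::equals);
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && "--disable".equals(args[0])) {
            disableTripleDes();   // before any SSLContext exists in this JVM
        }
        System.out.println("3DES on legacy list:   " + tripleDesIsLegacy());
        System.out.println("3DES on disabled list: " + tripleDesIsDisabled());
        System.out.println("3DES suites enabled:   " + enabledTripleDesSuites());
    }
}
```

Run it once without arguments on an updated JRE and the legacy check is true while the enabled list still contains the TLS_*_3DES_EDE_CBC_SHA suites; run it with `--disable` and that list is empty. Setting the property at runtime only affects the current JVM, so for servers the corresponding line belongs in the java.security file that the advisory's update installs.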
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgMzpXlSAg2UNWIIRAu9dAKCK5SMCqDIYzPqNjGWSQGDIhXOM0wCgmFli
MtP+N/NM+v9fYxawJsdRvuQ=
=sIsu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 14:29:41 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2017 14:29:41 +0000
Subject: [RHSA-2017:0176-01] Critical: java-1.7.0-oracle security update
Message-ID: <201701191429.v0JEThhH003137@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2017:0176-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0176.html
Issue date: 2017-01-19
CVE Names: CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
=====================================================================

1. Summary:

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 131.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if the connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 5:

i386:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.i586.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.i686.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5546
https://access.redhat.com/security/cve/CVE-2016-5547
https://access.redhat.com/security/cve/CVE-2016-5548
https://access.redhat.com/security/cve/CVE-2016-5549
https://access.redhat.com/security/cve/CVE-2016-5552
https://access.redhat.com/security/cve/CVE-2017-3231
https://access.redhat.com/security/cve/CVE-2017-3241
https://access.redhat.com/security/cve/CVE-2017-3252
https://access.redhat.com/security/cve/CVE-2017-3253
https://access.redhat.com/security/cve/CVE-2017-3259
https://access.redhat.com/security/cve/CVE-2017-3261
https://access.redhat.com/security/cve/CVE-2017-3272
https://access.redhat.com/security/cve/CVE-2017-3289
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_131

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgM1CXlSAg2UNWIIRAvKhAJ4p9jlho7/BrZn7QJzweeekZ4zcsACgujQh
+a0VKcnkdVBbe8XdRKRCrwk=
=MOs3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 14:30:47 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2017 14:30:47 +0000
Subject: [RHSA-2017:0177-01] Critical: java-1.6.0-sun security update
Message-ID: <201701191430.v0JEUm6D023847@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2017:0177-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0177.html
Issue date: 2017-01-19
CVE Names: CVE-2016-5546 CVE-2016-5548 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272
=====================================================================

1. Summary:

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 141.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if the connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Client 5:

i386:
java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 5:

i386:
java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux HPC Node 6:

i386:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server 6:

i386:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation 6:

i386:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Client (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Server (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):

x86_64:
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5546
https://access.redhat.com/security/cve/CVE-2016-5548
https://access.redhat.com/security/cve/CVE-2016-5552
https://access.redhat.com/security/cve/CVE-2017-3231
https://access.redhat.com/security/cve/CVE-2017-3241
https://access.redhat.com/security/cve/CVE-2017-3252
https://access.redhat.com/security/cve/CVE-2017-3253
https://access.redhat.com/security/cve/CVE-2017-3259
https://access.redhat.com/security/cve/CVE-2017-3261
https://access.redhat.com/security/cve/CVE-2017-3272
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_141

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgM1+XlSAg2UNWIIRAm27AJ9EGMQzzxN1bUrT8syLYld7CcaPRQCfYsqY
9KAHvLsl8r9T7HgcFDl/58c=
=i/Al
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 23:41:10 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2017 23:41:10 +0000
Subject: [RHSA-2017:0153-01] Moderate: openstack-cinder security update
Message-ID: <201701192341.v0JNfA2i021885@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-cinder security update
Advisory ID: RHSA-2017:0153-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0153.html
Issue date: 2017-01-19
CVE Names: CVE-2015-5162
=====================================================================

1. Summary:

An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - noarch

3. Description:

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fibre Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

Security Fix(es):

* A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7:

Source:
openstack-cinder-2014.1.5-9.el7ost.src.rpm

noarch:
openstack-cinder-2014.1.5-9.el7ost.noarch.rpm
openstack-cinder-doc-2014.1.5-9.el7ost.noarch.rpm
python-cinder-2014.1.5-9.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5162
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgU6HXlSAg2UNWIIRAmnUAKCrAMvyaA8ZIjtFDaNAwemHLUv2UQCglB8I
w0gIbNeTkVdyG4alE01AiSc=
=bvVL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 23:41:38 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2017 23:41:38 +0000
Subject: [RHSA-2017:0156-01] Moderate: openstack-cinder security update
Message-ID: <201701192341.v0JNfcRK026007@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-cinder security update
Advisory ID: RHSA-2017:0156-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0156.html
Issue date: 2017-01-19
CVE Names: CVE-2015-5162
=====================================================================

1. Summary:

Updated openstack-cinder packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - noarch

3. Description:

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fibre Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

Security Fix(es):

* A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1198169 - Cinder volumes attached to none
1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources
1370012 - NetApp Cinder driver: cloning operations are unsuccessful

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
openstack-cinder-2014.2.4-11.el7ost.src.rpm

noarch:
openstack-cinder-2014.2.4-11.el7ost.noarch.rpm
openstack-cinder-doc-2014.2.4-11.el7ost.noarch.rpm
python-cinder-2014.2.4-11.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5162
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgU6lXlSAg2UNWIIRAv7hAJ4s7TIuGiStvCJ/sAMTwU8lP8cXWgCgm88h
q0BrLuhJeNwqDYcGd6ZmZ2k=
=kDYP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 23:42:01 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2017 23:42:01 +0000
Subject: [RHSA-2017:0165-01] Moderate: openstack-cinder security update
Message-ID: <201701192342.v0JNg3cB006892@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-cinder security update
Advisory ID: RHSA-2017:0165-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0165.html
Issue date: 2017-01-19
CVE Names: CVE-2015-5162
=====================================================================

1. Summary:

An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - noarch

3. Description:

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fibre Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.
Security Fix(es):

* A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6:

Source:
openstack-cinder-2014.1.5-9.el6ost.src.rpm

noarch:
openstack-cinder-2014.1.5-9.el6ost.noarch.rpm
openstack-cinder-doc-2014.1.5-9.el6ost.noarch.rpm
python-cinder-2014.1.5-9.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5162
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgU7BXlSAg2UNWIIRAjMsAJ9SQo/s2AoQbxutqh4LQ7TTKay64wCfRBMs
aHBiZ58uCJj+SMj5IV686KI=
=AL03
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jan 20 00:28:17 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Jan 2017 00:28:17 +0000
Subject: [RHSA-2017:0161-01] Low: python-XStatic-jquery-ui security update
Message-ID: <201701200028.v0K0SHor009459@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: python-XStatic-jquery-ui security update
Advisory ID:       RHSA-2017:0161-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0161.html
Issue date:        2017-01-19
CVE Names:         CVE-2016-7103
=====================================================================

1. Summary:

An update for python-XStatic-jquery-ui is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - noarch

3. Description:

jQuery UI is a set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript library.

Security Fix(es):

* It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross-site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. (CVE-2016-7103)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1360286 - CVE-2016-7103 jquery-ui: cross-site scripting in dialog closeText

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
python-XStatic-jquery-ui-1.12.0.1-1.el7ost.src.rpm

noarch:
python-XStatic-jquery-ui-1.12.0.1-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7103
https://access.redhat.com/security/updates/classification/#low
https://nodesecurity.io/advisories/127

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgVmHXlSAg2UNWIIRAqOYAJ9CAZh5RyphQZ1aLSPaLXC0EDwn8gCgmPXf
Oe38j2e0sr/a93CI+Xr7Lj0=
=sqRG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jan 20 11:14:28 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Jan 2017 11:14:28 +0000
Subject: [RHSA-2017:0180-01] Critical: java-1.8.0-openjdk security update
Message-ID: <201701201114.v0KBEVH1016538@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2017:0180-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0180.html
Issue date:        2017-01-20
CVE Names:         CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5552
                   CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253
                   CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241)

This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

* Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289)

* A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548)

* It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546)

* It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253)

* It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547)

* It was discovered that the JAAS component of OpenJDK did not use the correct way to extract the user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252)

* It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker-supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552)

* Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DGC (RMI, 8156802)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el6_8.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el6_8.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el6_8.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.121-0.b13.el7_3.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.121-0.b13.el7_3.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.src.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.aarch64.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.aarch64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3.aarch64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.121-0.b13.el7_3.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.ppc64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.ppc64le.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.121-0.b13.el7_3.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.121-0.b13.el7_3.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.121-0.b13.el7_3.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.121-0.b13.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5546
https://access.redhat.com/security/cve/CVE-2016-5547
https://access.redhat.com/security/cve/CVE-2016-5548
https://access.redhat.com/security/cve/CVE-2016-5552
https://access.redhat.com/security/cve/CVE-2017-3231
https://access.redhat.com/security/cve/CVE-2017-3241
https://access.redhat.com/security/cve/CVE-2017-3252
https://access.redhat.com/security/cve/CVE-2017-3253
https://access.redhat.com/security/cve/CVE-2017-3261
https://access.redhat.com/security/cve/CVE-2017-3272
https://access.redhat.com/security/cve/CVE-2017-3289
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYgfCqXlSAg2UNWIIRAm0RAJ9XZsvjhAQhSWp8fHYUhnRottwMjgCdFuf4
1TOG8LB4Z2VKMr8fAq+dI8o=
=JSDJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 24 10:07:19 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Jan 2017 05:07:19 -0500
Subject: [RHSA-2017:0182-01] Moderate: squid security update
Message-ID: <201701241007.v0OA7Jcq015120@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: squid security update
Advisory ID:       RHSA-2017:0182-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0182.html
Issue date:        2017-01-24
CVE Names:         CVE-2016-10002
=====================================================================

1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* It was found that squid did not properly remove connection-specific headers when answering conditional requests using a cached request.
A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1405941 - CVE-2016-10002 squid: Information disclosure in HTTP request processing

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
squid-3.5.20-2.el7_3.2.src.rpm

aarch64:
squid-3.5.20-2.el7_3.2.aarch64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.aarch64.rpm
squid-migration-script-3.5.20-2.el7_3.2.aarch64.rpm

ppc64:
squid-3.5.20-2.el7_3.2.ppc64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.ppc64.rpm
squid-migration-script-3.5.20-2.el7_3.2.ppc64.rpm

ppc64le:
squid-3.5.20-2.el7_3.2.ppc64le.rpm
squid-debuginfo-3.5.20-2.el7_3.2.ppc64le.rpm
squid-migration-script-3.5.20-2.el7_3.2.ppc64le.rpm

s390x:
squid-3.5.20-2.el7_3.2.s390x.rpm
squid-debuginfo-3.5.20-2.el7_3.2.s390x.rpm
squid-migration-script-3.5.20-2.el7_3.2.s390x.rpm

x86_64:
squid-3.5.20-2.el7_3.2.x86_64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm
squid-migration-script-3.5.20-2.el7_3.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
squid-debuginfo-3.5.20-2.el7_3.2.aarch64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.aarch64.rpm

ppc64:
squid-debuginfo-3.5.20-2.el7_3.2.ppc64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.ppc64.rpm

ppc64le:
squid-debuginfo-3.5.20-2.el7_3.2.ppc64le.rpm
squid-sysvinit-3.5.20-2.el7_3.2.ppc64le.rpm

s390x:
squid-debuginfo-3.5.20-2.el7_3.2.s390x.rpm
squid-sysvinit-3.5.20-2.el7_3.2.s390x.rpm

x86_64:
squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
squid-3.5.20-2.el7_3.2.src.rpm

x86_64:
squid-3.5.20-2.el7_3.2.x86_64.rpm
squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm
squid-migration-script-3.5.20-2.el7_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
squid-debuginfo-3.5.20-2.el7_3.2.x86_64.rpm
squid-sysvinit-3.5.20-2.el7_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10002
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYhydVXlSAg2UNWIIRAk3mAJ0cLlhrqTWSdv33qPv8etLdFDC+kACeLLVk
T4lzvXlrr86bQ95kwcKdhtM=
=XPkv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 24 10:07:28 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Jan 2017 05:07:28 -0500
Subject: [RHSA-2017:0183-01] Moderate: squid34 security update
Message-ID: <201701241007.v0OA7Sk7004846@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: squid34 security update
Advisory ID:       RHSA-2017:0183-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0183.html
Issue date:        2017-01-24
CVE Names:         CVE-2016-10002
=====================================================================

1. Summary:

An update for squid34 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the squid service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1405941 - CVE-2016-10002 squid: Information disclosure in HTTP request processing 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: squid34-3.4.14-9.el6_8.4.src.rpm i386: squid34-3.4.14-9.el6_8.4.i686.rpm squid34-debuginfo-3.4.14-9.el6_8.4.i686.rpm ppc64: squid34-3.4.14-9.el6_8.4.ppc64.rpm squid34-debuginfo-3.4.14-9.el6_8.4.ppc64.rpm s390x: squid34-3.4.14-9.el6_8.4.s390x.rpm squid34-debuginfo-3.4.14-9.el6_8.4.s390x.rpm x86_64: squid34-3.4.14-9.el6_8.4.x86_64.rpm squid34-debuginfo-3.4.14-9.el6_8.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: squid34-3.4.14-9.el6_8.4.src.rpm i386: squid34-3.4.14-9.el6_8.4.i686.rpm squid34-debuginfo-3.4.14-9.el6_8.4.i686.rpm x86_64: squid34-3.4.14-9.el6_8.4.x86_64.rpm squid34-debuginfo-3.4.14-9.el6_8.4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-10002 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYhydeXlSAg2UNWIIRAowZAJ4iM7u4WQew72Fr6RsBEFZvMz5IwgCbBG6E ra6tyBBtipZbcvC5DWbu4MI= =XueR -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 24 11:57:04 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 24 Jan 2017 11:57:04 +0000 Subject: [RHSA-2017:0184-01] Important: mysql security update Message-ID: <201701241157.v0OBv6ZS006089@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mysql security update Advisory ID: RHSA-2017:0184-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0184.html Issue date: 2017-01-24 CVE Names: CVE-2016-5616 CVE-2016-6662 CVE-2016-6663 ===================================================================== 1. Summary: An update for mysql is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): * It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) 1378936 - CVE-2016-6663 CVE-2016-5616 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016) 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: mysql-5.1.73-8.el6_8.src.rpm i386: mysql-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-server-5.1.73-8.el6_8.i686.rpm x86_64: mysql-5.1.73-8.el6_8.x86_64.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.x86_64.rpm mysql-server-5.1.73-8.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: mysql-bench-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm mysql-test-5.1.73-8.el6_8.i686.rpm x86_64: mysql-bench-5.1.73-8.el6_8.x86_64.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.x86_64.rpm mysql-test-5.1.73-8.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: mysql-5.1.73-8.el6_8.src.rpm x86_64: mysql-5.1.73-8.el6_8.x86_64.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: mysql-bench-5.1.73-8.el6_8.x86_64.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.x86_64.rpm mysql-server-5.1.73-8.el6_8.x86_64.rpm mysql-test-5.1.73-8.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: mysql-5.1.73-8.el6_8.src.rpm i386: mysql-5.1.73-8.el6_8.i686.rpm mysql-bench-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-server-5.1.73-8.el6_8.i686.rpm mysql-test-5.1.73-8.el6_8.i686.rpm ppc64: mysql-5.1.73-8.el6_8.ppc64.rpm mysql-bench-5.1.73-8.el6_8.ppc64.rpm mysql-debuginfo-5.1.73-8.el6_8.ppc.rpm mysql-debuginfo-5.1.73-8.el6_8.ppc64.rpm mysql-devel-5.1.73-8.el6_8.ppc.rpm mysql-devel-5.1.73-8.el6_8.ppc64.rpm mysql-libs-5.1.73-8.el6_8.ppc.rpm mysql-libs-5.1.73-8.el6_8.ppc64.rpm mysql-server-5.1.73-8.el6_8.ppc64.rpm mysql-test-5.1.73-8.el6_8.ppc64.rpm s390x: mysql-5.1.73-8.el6_8.s390x.rpm mysql-bench-5.1.73-8.el6_8.s390x.rpm mysql-debuginfo-5.1.73-8.el6_8.s390.rpm mysql-debuginfo-5.1.73-8.el6_8.s390x.rpm mysql-devel-5.1.73-8.el6_8.s390.rpm mysql-devel-5.1.73-8.el6_8.s390x.rpm mysql-libs-5.1.73-8.el6_8.s390.rpm mysql-libs-5.1.73-8.el6_8.s390x.rpm mysql-server-5.1.73-8.el6_8.s390x.rpm mysql-test-5.1.73-8.el6_8.s390x.rpm x86_64: mysql-5.1.73-8.el6_8.x86_64.rpm mysql-bench-5.1.73-8.el6_8.x86_64.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.x86_64.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.x86_64.rpm mysql-server-5.1.73-8.el6_8.x86_64.rpm mysql-test-5.1.73-8.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm ppc64: mysql-debuginfo-5.1.73-8.el6_8.ppc.rpm mysql-debuginfo-5.1.73-8.el6_8.ppc64.rpm mysql-embedded-5.1.73-8.el6_8.ppc.rpm mysql-embedded-5.1.73-8.el6_8.ppc64.rpm mysql-embedded-devel-5.1.73-8.el6_8.ppc.rpm mysql-embedded-devel-5.1.73-8.el6_8.ppc64.rpm s390x: mysql-debuginfo-5.1.73-8.el6_8.s390.rpm mysql-debuginfo-5.1.73-8.el6_8.s390x.rpm mysql-embedded-5.1.73-8.el6_8.s390.rpm mysql-embedded-5.1.73-8.el6_8.s390x.rpm mysql-embedded-devel-5.1.73-8.el6_8.s390.rpm mysql-embedded-devel-5.1.73-8.el6_8.s390x.rpm x86_64: mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: mysql-5.1.73-8.el6_8.src.rpm i386: mysql-5.1.73-8.el6_8.i686.rpm mysql-bench-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-server-5.1.73-8.el6_8.i686.rpm mysql-test-5.1.73-8.el6_8.i686.rpm x86_64: mysql-5.1.73-8.el6_8.x86_64.rpm mysql-bench-5.1.73-8.el6_8.x86_64.rpm mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-devel-5.1.73-8.el6_8.i686.rpm mysql-devel-5.1.73-8.el6_8.x86_64.rpm mysql-libs-5.1.73-8.el6_8.i686.rpm mysql-libs-5.1.73-8.el6_8.x86_64.rpm mysql-server-5.1.73-8.el6_8.x86_64.rpm mysql-test-5.1.73-8.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm x86_64: mysql-debuginfo-5.1.73-8.el6_8.i686.rpm mysql-debuginfo-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-5.1.73-8.el6_8.i686.rpm mysql-embedded-5.1.73-8.el6_8.x86_64.rpm mysql-embedded-devel-5.1.73-8.el6_8.i686.rpm mysql-embedded-devel-5.1.73-8.el6_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-5616 https://access.redhat.com/security/cve/CVE-2016-6662 https://access.redhat.com/security/cve/CVE-2016-6663 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYh0DtXlSAg2UNWIIRAoXqAJ4oa8Y6dAKNNOWZ7W8UpiGaow3FtQCfQzKY U17SwyNeztdtdaQuaVtIhqw= =cMjq -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 25 09:56:13 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 25 Jan 2017 09:56:13 +0000 Subject: [RHSA-2017:0190-01] Critical: firefox security update Message-ID: <201701250956.v0P9uFiL029341@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2017:0190-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0190.html Issue date: 2017-01-25 CVE Names: CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 ===================================================================== 1. 
Summary: An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. 
Upstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andr? Bargull, Jan de Mooij, Tom Schuster, and Oriol, Rh0, Nicolas Gr?goire, and Jerri Rice as the original reporters. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1415924 - CVE-2017-5373 Mozilla: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (MFSA 2017-01) 1416271 - CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02) 1416272 - CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02) 1416273 - CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02) 1416274 - CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02) 1416279 - CVE-2017-5390 Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02) 1416280 - CVE-2017-5396 Mozilla: Use-after-free with Media Decoder (MFSA 2017-02) 1416281 - CVE-2017-5383 Mozilla:Location bar spoofing with unicode characters (MFSA 2017-02) 1416282 - CVE-2017-5386 Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: firefox-45.7.0-1.el5_11.src.rpm i386: firefox-45.7.0-1.el5_11.i386.rpm firefox-debuginfo-45.7.0-1.el5_11.i386.rpm x86_64: firefox-45.7.0-1.el5_11.i386.rpm firefox-45.7.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.7.0-1.el5_11.i386.rpm firefox-debuginfo-45.7.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: firefox-45.7.0-1.el5_11.src.rpm i386: firefox-45.7.0-1.el5_11.i386.rpm firefox-debuginfo-45.7.0-1.el5_11.i386.rpm ppc: firefox-45.7.0-1.el5_11.ppc64.rpm firefox-debuginfo-45.7.0-1.el5_11.ppc64.rpm s390x: firefox-45.7.0-1.el5_11.s390x.rpm firefox-debuginfo-45.7.0-1.el5_11.s390x.rpm x86_64: firefox-45.7.0-1.el5_11.i386.rpm firefox-45.7.0-1.el5_11.x86_64.rpm firefox-debuginfo-45.7.0-1.el5_11.i386.rpm firefox-debuginfo-45.7.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-45.7.0-1.el6_8.src.rpm i386: firefox-45.7.0-1.el6_8.i686.rpm firefox-debuginfo-45.7.0-1.el6_8.i686.rpm x86_64: firefox-45.7.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-45.7.0-1.el6_8.i686.rpm firefox-debuginfo-45.7.0-1.el6_8.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-45.7.0-1.el6_8.src.rpm x86_64: firefox-45.7.0-1.el6_8.i686.rpm firefox-45.7.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.7.0-1.el6_8.i686.rpm firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-45.7.0-1.el6_8.src.rpm i386: firefox-45.7.0-1.el6_8.i686.rpm firefox-debuginfo-45.7.0-1.el6_8.i686.rpm ppc64: firefox-45.7.0-1.el6_8.ppc64.rpm firefox-debuginfo-45.7.0-1.el6_8.ppc64.rpm s390x: firefox-45.7.0-1.el6_8.s390x.rpm firefox-debuginfo-45.7.0-1.el6_8.s390x.rpm x86_64: firefox-45.7.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: firefox-45.7.0-1.el6_8.i686.rpm firefox-debuginfo-45.7.0-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-45.7.0-1.el6_8.src.rpm i386: firefox-45.7.0-1.el6_8.i686.rpm firefox-debuginfo-45.7.0-1.el6_8.i686.rpm x86_64: firefox-45.7.0-1.el6_8.x86_64.rpm firefox-debuginfo-45.7.0-1.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): x86_64: firefox-45.7.0-1.el6_8.i686.rpm firefox-debuginfo-45.7.0-1.el6_8.i686.rpm Red Hat Enterprise Linux Client (v. 7): Source: firefox-45.7.0-1.el7_3.src.rpm x86_64: firefox-45.7.0-1.el7_3.x86_64.rpm firefox-debuginfo-45.7.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-45.7.0-1.el7_3.i686.rpm firefox-debuginfo-45.7.0-1.el7_3.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-45.7.0-1.el7_3.src.rpm aarch64: firefox-45.7.0-1.el7_3.aarch64.rpm firefox-debuginfo-45.7.0-1.el7_3.aarch64.rpm ppc64: firefox-45.7.0-1.el7_3.ppc64.rpm firefox-debuginfo-45.7.0-1.el7_3.ppc64.rpm ppc64le: firefox-45.7.0-1.el7_3.ppc64le.rpm firefox-debuginfo-45.7.0-1.el7_3.ppc64le.rpm s390x: firefox-45.7.0-1.el7_3.s390x.rpm firefox-debuginfo-45.7.0-1.el7_3.s390x.rpm x86_64: firefox-45.7.0-1.el7_3.x86_64.rpm firefox-debuginfo-45.7.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: firefox-45.7.0-1.el7_3.i686.rpm firefox-debuginfo-45.7.0-1.el7_3.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-45.7.0-1.el7_3.src.rpm x86_64: firefox-45.7.0-1.el7_3.x86_64.rpm firefox-debuginfo-45.7.0-1.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-45.7.0-1.el7_3.i686.rpm firefox-debuginfo-45.7.0-1.el7_3.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2017-5373 https://access.redhat.com/security/cve/CVE-2017-5375 https://access.redhat.com/security/cve/CVE-2017-5376 https://access.redhat.com/security/cve/CVE-2017-5378 https://access.redhat.com/security/cve/CVE-2017-5380 https://access.redhat.com/security/cve/CVE-2017-5383 https://access.redhat.com/security/cve/CVE-2017-5386 https://access.redhat.com/security/cve/CVE-2017-5390 https://access.redhat.com/security/cve/CVE-2017-5396 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.7 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYiHYyXlSAg2UNWIIRAtAAAKCwDibjavMUgpo76nzm+Lratno50gCfS2wP SyArDDAAwG3bghzp2Y9zEsk= =L0Rr -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 25 22:25:26 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 25 Jan 2017 22:25:26 +0000 Subject: [RHSA-2017:0195-01] Important: ansible security update Message-ID: <201701252225.v0PMPVZt015678@lists01.pubmisc.prod.ext.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ansible security update Advisory ID: RHSA-2017:0195-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0195.html Issue date: 2017-01-25 CVE Names: CVE-2016-9587 ===================================================================== 1. Summary: An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 10.0 - noarch 3. Description: Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.2.1.0). (BZ#1412370) Security Fix(es): * An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges. (CVE-2016-9587) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1404378 - CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller 6. Package List: Red Hat OpenStack Platform 10.0: Source: ansible-2.2.1.0-1.el7.src.rpm noarch: ansible-2.2.1.0-1.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-9587 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYiSXOXlSAg2UNWIIRAomCAJ0bXrV5SWuMuCV1azYs9+oYv7PL7QCdEgLy qUxzD0QCO6TP449uVqd7dJw= =SCLH -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 26 10:35:49 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 26 Jan 2017 10:35:49 +0000 Subject: [RHSA-2017:0196-01] Important: kernel security update Message-ID: <201701261035.v0QAZoFE018730@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2017:0196-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0196.html Issue date: 2017-01-26 CVE Names: CVE-2016-7117 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.4): Source: kernel-2.6.32-358.76.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.76.1.el6.noarch.rpm kernel-firmware-2.6.32-358.76.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.76.1.el6.x86_64.rpm kernel-debug-2.6.32-358.76.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.76.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.76.1.el6.x86_64.rpm kernel-devel-2.6.32-358.76.1.el6.x86_64.rpm kernel-headers-2.6.32-358.76.1.el6.x86_64.rpm perf-2.6.32-358.76.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: kernel-2.6.32-358.76.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.76.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm python-perf-2.6.32-358.76.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.76.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7117 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYidD3XlSAg2UNWIIRAuCUAKCtX5BCxnI45mp3WewFkXgkNFjTKwCgkG8z +R4jILmDFNsPExi15/qvMyY= =rlSe -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 26 21:56:16 2017 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 26 Jan 2017 21:56:16 +0000 Subject: [RHSA-2017:0200-01] Moderate: puppet-swift security update Message-ID: <201701262156.v0QLuIHT018258@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: puppet-swift security update Advisory ID: RHSA-2017:0200-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0200.html Issue date: 2017-01-26 CVE Names: CVE-2016-9590 ===================================================================== 1. Summary: An update for puppet-swift is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 10.0 - noarch 3. Description: puppet-swift is the Puppet module used by Red Hat OpenStack Platform director to install OpenStack Object Storage (swift). Security Fix(es): * An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. (CVE-2016-9590) Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue. 4. 
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1410293 - CVE-2016-9590 puppet-swift: installs config file with world readable permissions

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
puppet-swift-9.4.3-3.el7ost.src.rpm

noarch:
puppet-swift-9.4.3-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9590
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYinB2XlSAg2UNWIIRAuAhAKDCSmxOLZ2DlXQ2S4mNR3vxC489lgCeO2aE
4FTAiWgbe5CyPXziNeWsLVM=
=/Gof
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu Jan 26 22:05:32 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Jan 2017 22:05:32 +0000
Subject: [RHSA-2017:0206-01] Important: chromium-browser security update
Message-ID: <201701262205.v0QM5XqG003003@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2017:0206-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0206.html
Issue date:        2017-01-26
CVE Names:         CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009
                   CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013
                   CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017
                   CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021
                   CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025
                   CVE-2017-5026
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 56.0.2924.76.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1416657 - CVE-2017-5007 chromium-browser: universal xss in blink
1416658 - CVE-2017-5006 chromium-browser: universal xss in blink
1416659 - CVE-2017-5008 chromium-browser: universal xss in blink
1416660 - CVE-2017-5010 chromium-browser: universal xss in blink
1416661 - CVE-2017-5011 chromium-browser: unauthorised file access in devtools
1416662 - CVE-2017-5009 chromium-browser: out of bounds memory access in webrtc
1416663 - CVE-2017-5012 chromium-browser: heap overflow in v8
1416664 - CVE-2017-5013 chromium-browser: address spoofing in omnibox
1416665 - CVE-2017-5014 chromium-browser: heap overflow in skia
1416666 - CVE-2017-5015 chromium-browser: address spoofing in omnibox
1416667 - CVE-2017-5019 chromium-browser: use after free in renderer
1416668 - CVE-2017-5016 chromium-browser: ui spoofing in blink
1416669 - CVE-2017-5017 chromium-browser: uninitialised memory access in webm video
1416670 - CVE-2017-5018 chromium-browser: universal xss in chrome://apps
1416671 - CVE-2017-5020 chromium-browser: universal xss in chrome://downloads
1416672 - CVE-2017-5021 chromium-browser: use after free in extensions
1416673 - CVE-2017-5022 chromium-browser: bypass of content security policy in blink
1416674 - CVE-2017-5023 chromium-browser: type confusion in metrics
1416675 - CVE-2017-5024 chromium-browser: heap overflow in ffmpeg
1416676 - CVE-2017-5025 chromium-browser: heap overflow in ffmpeg
1416677 - CVE-2017-5026 chromium-browser: ui spoofing

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-56.0.2924.76-1.el6.i686.rpm
chromium-browser-debuginfo-56.0.2924.76-1.el6.i686.rpm

x86_64:
chromium-browser-56.0.2924.76-1.el6.x86_64.rpm
chromium-browser-debuginfo-56.0.2924.76-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-56.0.2924.76-1.el6.i686.rpm
chromium-browser-debuginfo-56.0.2924.76-1.el6.i686.rpm

x86_64:
chromium-browser-56.0.2924.76-1.el6.x86_64.rpm
chromium-browser-debuginfo-56.0.2924.76-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-56.0.2924.76-1.el6.i686.rpm
chromium-browser-debuginfo-56.0.2924.76-1.el6.i686.rpm

x86_64:
chromium-browser-56.0.2924.76-1.el6.x86_64.rpm
chromium-browser-debuginfo-56.0.2924.76-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-5006
https://access.redhat.com/security/cve/CVE-2017-5007
https://access.redhat.com/security/cve/CVE-2017-5008
https://access.redhat.com/security/cve/CVE-2017-5009
https://access.redhat.com/security/cve/CVE-2017-5010
https://access.redhat.com/security/cve/CVE-2017-5011
https://access.redhat.com/security/cve/CVE-2017-5012
https://access.redhat.com/security/cve/CVE-2017-5013
https://access.redhat.com/security/cve/CVE-2017-5014
https://access.redhat.com/security/cve/CVE-2017-5015
https://access.redhat.com/security/cve/CVE-2017-5016
https://access.redhat.com/security/cve/CVE-2017-5017
https://access.redhat.com/security/cve/CVE-2017-5018
https://access.redhat.com/security/cve/CVE-2017-5019
https://access.redhat.com/security/cve/CVE-2017-5020
https://access.redhat.com/security/cve/CVE-2017-5021
https://access.redhat.com/security/cve/CVE-2017-5022
https://access.redhat.com/security/cve/CVE-2017-5023
https://access.redhat.com/security/cve/CVE-2017-5024
https://access.redhat.com/security/cve/CVE-2017-5025
https://access.redhat.com/security/cve/CVE-2017-5026
https://access.redhat.com/security/updates/classification/#important
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYinKOXlSAg2UNWIIRAnFVAJ9oP4Zb30KCP1XARUBiQU4CezOGbQCfaW6u
86uCGRaOeIAWJQ96hjxuWlo=
=zTq3
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Jan 31 05:55:05 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2017 05:55:05 +0000
Subject: [RHSA-2017:0211-01] Important: nagios security update
Message-ID: <201701310555.v0V5t5GY027261@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nagios security update
Advisory ID:       RHSA-2017:0211-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0211.html
Issue date:        2017-01-31
CVE Names:         CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 CVE-2016-9565
                   CVE-2016-9566
=====================================================================

1. Summary:

An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 - x86_64

3. Description:

Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug.

This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

Security Fix(es):

* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)

* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)

* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)

Red Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1121497 - CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 snoopy: incomplete fixes for command execution flaws
1402869 - CVE-2016-9566 nagios: Privilege escalation issue
1405363 - CVE-2016-9565 nagios: Command injection via curl in MagpieRSS

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7:

Source:
nagios-3.5.1-9.el7.src.rpm

x86_64:
nagios-3.5.1-9.el7.x86_64.rpm
nagios-common-3.5.1-9.el7.x86_64.rpm
nagios-debuginfo-3.5.1-9.el7.x86_64.rpm
nagios-devel-3.5.1-9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2008-7313
https://access.redhat.com/security/cve/CVE-2014-5008
https://access.redhat.com/security/cve/CVE-2014-5009
https://access.redhat.com/security/cve/CVE-2016-9565
https://access.redhat.com/security/cve/CVE-2016-9566
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYkCaoXlSAg2UNWIIRAq8KAJsHrOnn4/glzj1nYvnqIA3HTAz5QwCfSOVl
geIsP+dy9flRZ4Wj2t9856I=
=Ym4o
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Jan 31 05:55:38 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2017 05:55:38 +0000
Subject: [RHSA-2017:0212-01] Important: nagios security update
Message-ID: <201701310555.v0V5tcTm024339@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nagios security update
Advisory ID:       RHSA-2017:0212-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0212.html
Issue date:        2017-01-31
CVE Names:         CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 CVE-2016-9565
                   CVE-2016-9566
=====================================================================

1. Summary:

An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 - x86_64

3. Description:

Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug.

This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

Security Fix(es):

* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)

* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)

* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)

Red Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1121497 - CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 snoopy: incomplete fixes for command execution flaws
1402869 - CVE-2016-9566 nagios: Privilege escalation issue
1405363 - CVE-2016-9565 nagios: Command injection via curl in MagpieRSS

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6:

Source:
nagios-3.5.1-9.el6.src.rpm

x86_64:
nagios-3.5.1-9.el6.x86_64.rpm
nagios-common-3.5.1-9.el6.x86_64.rpm
nagios-debuginfo-3.5.1-9.el6.x86_64.rpm
nagios-devel-3.5.1-9.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2008-7313
https://access.redhat.com/security/cve/CVE-2014-5008
https://access.redhat.com/security/cve/CVE-2014-5009
https://access.redhat.com/security/cve/CVE-2016-9565
https://access.redhat.com/security/cve/CVE-2016-9566
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYkCbVXlSAg2UNWIIRAvmeAJ0cjYwu/HcKCJWPmwUBfGVwmlwRxACfRfWl
hmhCD7/BA9t7GDktBaiuyAY=
=7Yqb
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Jan 31 05:56:01 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2017 05:56:01 +0000
Subject: [RHSA-2017:0213-01] Important: nagios security update
Message-ID: <201701310556.v0V5u18v024001@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nagios security update
Advisory ID:       RHSA-2017:0213-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0213.html
Issue date:        2017-01-31
CVE Names:         CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 CVE-2016-9565
                   CVE-2016-9566
=====================================================================

1. Summary:

An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - x86_64

3. Description:

Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug.

This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

Security Fix(es):

* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)

* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)

* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)

Red Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1121497 - CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 snoopy: incomplete fixes for command execution flaws
1402869 - CVE-2016-9566 nagios: Privilege escalation issue
1405363 - CVE-2016-9565 nagios: Command injection via curl in MagpieRSS

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7:

Source:
nagios-3.5.1-9.el7.src.rpm

x86_64:
nagios-3.5.1-9.el7.x86_64.rpm
nagios-common-3.5.1-9.el7.x86_64.rpm
nagios-debuginfo-3.5.1-9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2008-7313
https://access.redhat.com/security/cve/CVE-2014-5008
https://access.redhat.com/security/cve/CVE-2014-5009
https://access.redhat.com/security/cve/CVE-2016-9565
https://access.redhat.com/security/cve/CVE-2016-9566
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYkCboXlSAg2UNWIIRAsmUAJ4tJSZySTUHya4D1w27YCjsm+FAuQCdFWk3
0H0wbFF90Xpv7BMPSYQMwjU=
=LJos
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Jan 31 05:56:28 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2017 05:56:28 +0000
Subject: [RHSA-2017:0214-01] Important: nagios security update
Message-ID: <201701310556.v0V5uS4l025005@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nagios security update
Advisory ID:       RHSA-2017:0214-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0214.html
Issue date:        2017-01-31
CVE Names:         CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 CVE-2016-9565
                   CVE-2016-9566
=====================================================================

1. Summary:

An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64

3. Description:

Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug.

This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

Security Fix(es):

* Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers. (CVE-2008-7313, CVE-2014-5008, CVE-2014-5009)

* It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system. (CVE-2016-9565)

* A privileges flaw was found in Nagios where log files were unsafely handled. An attacker who could control Nagios logging configuration ('nagios' user/group) could exploit the flaw to elevate their access to that of a privileged user. (CVE-2016-9566)

Red Hat would like to thank Dawid Golunski for reporting CVE-2016-9565 and CVE-2016-9566.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1121497 - CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 snoopy: incomplete fixes for command execution flaws
1402869 - CVE-2016-9566 nagios: Privilege escalation issue
1405363 - CVE-2016-9565 nagios: Command injection via curl in MagpieRSS

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
nagios-3.5.1-9.el7.src.rpm

x86_64:
nagios-3.5.1-9.el7.x86_64.rpm
nagios-common-3.5.1-9.el7.x86_64.rpm
nagios-debuginfo-3.5.1-9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2008-7313
https://access.redhat.com/security/cve/CVE-2014-5008
https://access.redhat.com/security/cve/CVE-2014-5009
https://access.redhat.com/security/cve/CVE-2016-9565
https://access.redhat.com/security/cve/CVE-2016-9566
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYkCcHXlSAg2UNWIIRAhALAKDFGGNrM9NNDt+0HUqCQtwD7ljW5gCfQ/2o
4LClj1xUG6AGmaG/Av9q+iQ=
=XRC8
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Jan 31 14:40:17 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2017 14:40:17 +0000
Subject: [RHSA-2017:0217-01] Important: kernel security and bug fix update
Message-ID: <201701311439.v0VEdt64006251@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2017:0217-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0217.html
Issue date:        2017-01-31
CVE Names:         CVE-2016-2847 CVE-2016-7117
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important) * It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit. (CVE-2016-2847, Moderate) Red Hat would like to thank Tetsuo Handa for reporting CVE-2016-2847. Bug Fix(es): * Previously, an XFS corruption in some cases occurred on Seagate 8TB drive based volumes after a planned system shutdown or reboot, when a disk write back cache was used. With this update, the megaraid_sas driver has been fixed and the XFS corruption no longer occurs in the described scenario. (BZ#1398178) * This update applies a set of patches for the resizable hash table (rhashtable). This set contains backported bug fixes and enhancements from upstream. 
(BZ#1382630) * Previously, a kernel panic in some cases occurred during the boot with the Nonvolatile Memory Express (NVMe) kernel module, because the NVMe driver did not receive legacy PCI interrupts. This update fixes the NVMe driver to always use the Message Signaled Interrupts (MSI/MSI-X) interrupts. As a result, the operating system now boots without panic under the described circumstances. (BZ#1396558) * Previously, the Advanced Error Reporting (AER) correct error in some cases caused a kernel panic. This update fixes the _scsih_pci_mmio_enabled() function in the mpt3sas driver to not incorrectly return PCI_ERS_RESULT_NEED_RESET return value in the situation when PCI_ERS_RESULT_RECOVERED return value is expected. As a result, the kernel no longer panics due to _scsih_pci_mmio_enabled(). (BZ#1395220) * When resizing the Transmit (TX) and Receive (RX) rings in the sfc driver with the "ethtool -G" command, a kernel protection fault in the napi_hash_add() function occurred on systems with a large number of queues. With this update, the efx_copy_channel()function in the sfc driver has been fixed to correctly clear the napi_hash state. As a result, the sfc kernel module now unloads successfully without the mentioned kernel protection fault. (BZ#1401460) * When a virtual machine (VM) with 2 PCI-Passthrough Ethernet interfaces attached was created, deleted and recreated, the operating system terminated unexpectedly and rebooted during the recreation. This update fixes the race condition between the eventfd and virqfd signaling mechanisms in the vfio driver. As a result, the operating system now boots without crashing in the described situation. (BZ#1391610) * Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. 
Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1388603) * Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in he described scenario. (BZ#1398588) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1313428 - CVE-2016-2847 kernel: pipe: limit the per-user amount of pages allocated in pipes 1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 
7.2): Source: kernel-3.10.0-327.46.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.46.1.el7.noarch.rpm kernel-doc-3.10.0-327.46.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.46.1.el7.x86_64.rpm kernel-debug-3.10.0-327.46.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.46.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.46.1.el7.x86_64.rpm kernel-devel-3.10.0-327.46.1.el7.x86_64.rpm kernel-headers-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.46.1.el7.x86_64.rpm perf-3.10.0-327.46.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm python-perf-3.10.0-327.46.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.46.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
7.2): Source: kernel-3.10.0-327.46.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.46.1.el7.noarch.rpm kernel-doc-3.10.0-327.46.1.el7.noarch.rpm ppc64: kernel-3.10.0-327.46.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-327.46.1.el7.ppc64.rpm kernel-debug-3.10.0-327.46.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-327.46.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-327.46.1.el7.ppc64.rpm kernel-devel-3.10.0-327.46.1.el7.ppc64.rpm kernel-headers-3.10.0-327.46.1.el7.ppc64.rpm kernel-tools-3.10.0-327.46.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-327.46.1.el7.ppc64.rpm perf-3.10.0-327.46.1.el7.ppc64.rpm perf-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm python-perf-3.10.0-327.46.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-327.46.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-327.46.1.el7.ppc64le.rpm kernel-debug-3.10.0-327.46.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.46.1.el7.ppc64le.rpm kernel-devel-3.10.0-327.46.1.el7.ppc64le.rpm kernel-headers-3.10.0-327.46.1.el7.ppc64le.rpm kernel-tools-3.10.0-327.46.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-327.46.1.el7.ppc64le.rpm perf-3.10.0-327.46.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm python-perf-3.10.0-327.46.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm s390x: kernel-3.10.0-327.46.1.el7.s390x.rpm kernel-debug-3.10.0-327.46.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-327.46.1.el7.s390x.rpm kernel-debug-devel-3.10.0-327.46.1.el7.s390x.rpm kernel-debuginfo-3.10.0-327.46.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-327.46.1.el7.s390x.rpm kernel-devel-3.10.0-327.46.1.el7.s390x.rpm 
kernel-headers-3.10.0-327.46.1.el7.s390x.rpm kernel-kdump-3.10.0-327.46.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-327.46.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-327.46.1.el7.s390x.rpm perf-3.10.0-327.46.1.el7.s390x.rpm perf-debuginfo-3.10.0-327.46.1.el7.s390x.rpm python-perf-3.10.0-327.46.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-327.46.1.el7.s390x.rpm x86_64: kernel-3.10.0-327.46.1.el7.x86_64.rpm kernel-debug-3.10.0-327.46.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.46.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.46.1.el7.x86_64.rpm kernel-devel-3.10.0-327.46.1.el7.x86_64.rpm kernel-headers-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.46.1.el7.x86_64.rpm perf-3.10.0-327.46.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm python-perf-3.10.0-327.46.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.2):

ppc64:
kernel-debug-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.46.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-327.46.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.46.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.46.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.46.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.46.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.46.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.46.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2847
https://access.redhat.com/security/cve/CVE-2016-7117
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYkKGhXlSAg2UNWIIRAmpBAJ9njgRBW7LLL98EXo3LDPqiWoDNfgCgj/+z
v2CJkXxZSp6FQoFUqH5lUG0=
=9zob
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 31 14:41:00 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2017 14:41:00 +0000
Subject: [RHSA-2017:0216-01] Important: kernel security update
Message-ID: <201701311440.v0VEeaJH007355@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2017:0216-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0216.html
Issue date:        2017-01-31
CVE Names:         CVE-2016-7117
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg
subsystem. This may allow remote attackers to corrupt memory and may allow
execution of arbitrary code.
This corruption takes place during the error handling routines within the
__sys_recvmmsg() function. (CVE-2016-7117, Important)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
kernel-2.6.32-504.56.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.56.1.el6.noarch.rpm
kernel-doc-2.6.32-504.56.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.56.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.56.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.56.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.56.1.el6.x86_64.rpm
perf-2.6.32-504.56.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v.
6.6):

Source:
kernel-2.6.32-504.56.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.56.1.el6.noarch.rpm
kernel-doc-2.6.32-504.56.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.56.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.56.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.56.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.56.1.el6.x86_64.rpm
perf-2.6.32-504.56.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.56.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
python-perf-2.6.32-504.56.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.56.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm
python-perf-2.6.32-504.56.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.56.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7117
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/2706661

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYkKHXXlSAg2UNWIIRAvT9AKCzH9ImHUnfps9QFSGIIp3eNeuq4ACgiYpu
1mxamaUgiJOlaR8RZEmyy4M=
=agy+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 31 14:41:36 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2017 14:41:36 +0000
Subject: [RHSA-2017:0215-01] Important: kernel security update
Message-ID: <201701311441.v0VEfCqb012898@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2017:0215-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0215.html
Issue date:        2017-01-31
CVE Names:         CVE-2016-7117
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.2
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.2) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg
subsystem. This may allow remote attackers to corrupt memory and may allow
execution of arbitrary code. This corruption takes place during the error
handling routines within the __sys_recvmmsg() function. (CVE-2016-7117,
Important)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1382268 - CVE-2016-7117 kernel: Use-after-free in the recvmmsg exit path

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.2):

Source:
kernel-2.6.32-220.69.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.69.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.69.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.69.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.69.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.69.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.69.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.69.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.69.1.el6.x86_64.rpm
perf-2.6.32-220.69.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.69.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.69.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm
python-perf-2.6.32-220.69.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.69.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7117
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYkKH7XlSAg2UNWIIRAijsAJ4/0hchD7SAn/O2zufiDxOb5v9MWwCdGPRA
ycSfReD+SMiFJYzhfPaEeUo=
=p4tQ
-----END PGP SIGNATURE-----
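A check a defender can run against the fixed kernel builds listed in the advisories above, added here as an example and not Red Hat's own tooling: it reimplements rpm's version ordering, picks the fixed build by kernel stream (a 6.6 kernel must be judged against the 504.56.1 build, not the 6.2 advisory's 220.69.1), and compares the kernel actually running per uname -r, so a host that installed the RPM but has not yet rebooted still reports as older. The FIXED_BY_STREAM table and the "stream = first number of the release field" rule are assumptions of this example.

```python
import re
import subprocess
# Fixed kernel builds from the advisories above, keyed by stream (the leading
# number of the RPM release field). Constructed lookup table for this example.
FIXED_BY_STREAM = {
    "327": "3.10.0-327.46.1.el7",  # RHEL 7.2 EUS package list above
    "504": "2.6.32-504.56.1.el6",  # RHEL 6.6 AUS/TUS, RHSA-2017:0216
    "220": "2.6.32-220.69.1.el6",  # RHEL 6.2 AUS, RHSA-2017:0215
}
_ARCH = re.compile(r"\.(x86_64|i686|ppc64le|ppc64|s390x|aarch64)$")

def rpmvercmp(a, b):
    """Order two RPM version/release strings like rpm's rpmvercmp(): numeric runs
    beat alphabetic runs, '~' sorts before anything. Returns -1, 0 or 1."""
    ta, tb = (re.findall(r"\d+|[A-Za-z]+|~", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if "~" in (x, y):
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        x, y = (int(x), int(y)) if x.isdigit() else (x, y)
        if x != y:
            return 1 if x > y else -1
    if len(ta) == len(tb):
        return 0
    longer, rest = (1, ta[len(tb):]) if len(ta) > len(tb) else (-1, tb[len(ta):])
    return -longer if rest[0] == "~" else longer  # leftover starting '~' is older

def split_vr(kernel):
    """'3.10.0-327.36.3.el7.x86_64' -> ('3.10.0', '327.36.3.el7'); the arch that
    uname -r appends is dropped so it cannot count as an extra, newer segment."""
    version, _, release = kernel.partition("-")
    return version, _ARCH.sub("", release)

def kernel_is_fixed(running, fixed_by_stream=FIXED_BY_STREAM):
    """True if the running kernel is at or above its stream's fixed build, False
    if older (not updated, or not yet rebooted into it), None if not covered."""
    version, release = split_vr(running)
    fixed = fixed_by_stream.get(release.split(".", 1)[0])
    if fixed is None:
        return None
    fv, fr = split_vr(fixed)
    return (rpmvercmp(version, fv) or rpmvercmp(release, fr)) >= 0

if __name__ == "__main__":  # uname -r is the kernel actually running now
    running = subprocess.run(["uname", "-r"], capture_output=True, text=True).stdout.strip()
    print(running, {True: "fixed", False: "OLDER than the fixed build", None: "not covered"}[kernel_is_fixed(running)])
```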