From bugzilla at redhat.com  Mon May  8 10:02:00 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 May 2017 10:02:00 +0000
Subject: [RHSA-2017:1202-01] Important: bind security update
Message-ID: <201705081002.v48A2AAw028769@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2017:1202-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1202
Issue date:        2017-05-08
CVE Names:         CVE-2017-3139 
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled DNSSEC
validation. A remote attacker could use this flaw to make named exit
unexpectedly with an assertion failure via a specially crafted DNS
response. (CVE-2017-3139)

Note: This issue affected only the BIND versions as shipped with Red Hat
Enterprise Linux 6. This issue did not affect any upstream versions of
BIND.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1447743 - CVE-2017-3139 bind: assertion failure in DNSSEC validation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.2.src.rpm

i386:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bind-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.i686.rpm

x86_64:
bind-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.2.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bind-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.2.src.rpm

i386:
bind-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.i686.rpm

ppc64:
bind-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.ppc.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.ppc.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm

s390x:
bind-9.8.2-0.62.rc1.el6_9.2.s390x.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.s390x.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.s390.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.s390x.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.s390.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.s390x.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.s390x.rpm

x86_64:
bind-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.ppc.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.ppc.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.s390.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.s390x.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.s390.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.s390x.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.2.src.rpm

i386:
bind-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.i686.rpm

x86_64:
bind-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3139
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZEEIDXlSAg2UNWIIRArrXAJ0a+4zX46HMCKfkn70RNdc0b0oblwCfYqD6
25eyw049SIjfO97unZnepmY=
=21Kp
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon May  8 13:07:34 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 May 2017 13:07:34 +0000
Subject: [RHSA-2017:1201-01] Important: thunderbird security update
Message-ID: <201705081308.v48D81Xm022154@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2017:1201-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1201
Issue date:        2017-05-08
CVE Names:         CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 
                   CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 
                   CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 
                   CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 
                   CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 
                   CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 
                   CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 
                   CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 
                   CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 
                   CVE-2017-5467 CVE-2017-5469 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.1.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436,
CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438,
CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443,
CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460,
CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195,
CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467,
CVE-2016-10197)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero),
Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal
De Silva, Nicolas Gr?goire, Holger Fuhrmannek, Atte Kettunen, Haik
Aftandilian, and Jordi Chancel as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1418608 - CVE-2016-10195 libevent: Stack-buffer overflow in the name_parse() function
1418611 - CVE-2016-10196 libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()
1418612 - CVE-2016-10197 libevent: Out-of-bounds read in search_make_new()
1443298 - CVE-2017-5442 Mozilla: Use-after-free during style changes (MFSA 2017-11, MFSA 2017-12)
1443299 - CVE-2017-5443 Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)
1443301 - CVE-2017-5429 Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)
1443303 - CVE-2017-5464 Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)
1443304 - CVE-2017-5465 Mozilla: Out-of-bounds read in ConvolvePixel (MFSA 2017-11, MFSA 2017-12)
1443305 - CVE-2017-5466 Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)
1443307 - CVE-2017-5467 Mozilla: Memory corruption when drawing Skia content (MFSA 2017-12)
1443308 - CVE-2017-5460 Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)
1443311 - CVE-2017-5449 Mozilla: Crash during bidirectional unicode manipulation with animation (MFSA 2017-11, MFSA 2017-12)
1443312 - CVE-2017-5446 Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)
1443313 - CVE-2017-5447 Mozilla: Out-of-bounds read during glyph processing (MFSA 2017-11, MFSA 2017-12)
1443314 - CVE-2017-5444 Mozilla: Buffer overflow while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
1443315 - CVE-2017-5445 Mozilla: Uninitialized values used while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
1443317 - CVE-2017-5469 Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)
1443322 - CVE-2017-5440 Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
1443323 - CVE-2017-5441 Mozilla: Use-after-free with selection during scroll events (MFSA 2017-11, MFSA 2017-12)
1443324 - CVE-2017-5439 Mozilla: Use-after-free in nsTArray Length() during XSLT processing (MFSA 2017-11, MFSA 2017-12)
1443325 - CVE-2017-5438 Mozilla: Use-after-free in nsAutoPtr during XSLT processing (MFSA 2017-11, MFSA 2017-12)
1443327 - CVE-2017-5436 Mozilla: Out-of-bounds write with malicious font in Graphite 2 (MFSA 2017-11, MFSA 2017-12)
1443328 - CVE-2017-5435 Mozilla: Use-after-free during transaction processing in the editor (MFSA 2017-11, MFSA 2017-12)
1443329 - CVE-2017-5434 Mozilla: Use-after-free during focus handling (MFSA 2017-11, MFSA 2017-12)
1443330 - CVE-2017-5433 Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)
1443332 - CVE-2017-5432 Mozilla: Use-after-free in text input selection (MFSA 2017-11, MFSA 2017-12)
1443333 - CVE-2017-5459 Mozilla: Buffer overflow in WebGL (MFSA 2017-11, MFSA 2017-12)
1443338 - CVE-2017-5454 Mozilla: Sandbox escape allowing file system read access through file picker (MFSA 2017-12)
1443340 - CVE-2017-5451 Mozilla: Addressbar spoofing with onblur event (MFSA 2017-12)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-52.1.0-1.el6_9.src.rpm

i386:
thunderbird-52.1.0-1.el6_9.i686.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.i686.rpm

x86_64:
thunderbird-52.1.0-1.el6_9.x86_64.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-52.1.0-1.el6_9.src.rpm

i386:
thunderbird-52.1.0-1.el6_9.i686.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.i686.rpm

ppc64:
thunderbird-52.1.0-1.el6_9.ppc64.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.ppc64.rpm

s390x:
thunderbird-52.1.0-1.el6_9.s390x.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.s390x.rpm

x86_64:
thunderbird-52.1.0-1.el6_9.x86_64.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-52.1.0-1.el6_9.src.rpm

i386:
thunderbird-52.1.0-1.el6_9.i686.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.i686.rpm

x86_64:
thunderbird-52.1.0-1.el6_9.x86_64.rpm
thunderbird-debuginfo-52.1.0-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-52.1.0-1.el7_3.src.rpm

x86_64:
thunderbird-52.1.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-52.1.0-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-52.1.0-1.el7_3.src.rpm

aarch64:
thunderbird-52.1.0-1.el7_3.aarch64.rpm
thunderbird-debuginfo-52.1.0-1.el7_3.aarch64.rpm

ppc64le:
thunderbird-52.1.0-1.el7_3.ppc64le.rpm
thunderbird-debuginfo-52.1.0-1.el7_3.ppc64le.rpm

x86_64:
thunderbird-52.1.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-52.1.0-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-52.1.0-1.el7_3.src.rpm

x86_64:
thunderbird-52.1.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-52.1.0-1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10195
https://access.redhat.com/security/cve/CVE-2016-10196
https://access.redhat.com/security/cve/CVE-2016-10197
https://access.redhat.com/security/cve/CVE-2017-5429
https://access.redhat.com/security/cve/CVE-2017-5432
https://access.redhat.com/security/cve/CVE-2017-5433
https://access.redhat.com/security/cve/CVE-2017-5434
https://access.redhat.com/security/cve/CVE-2017-5435
https://access.redhat.com/security/cve/CVE-2017-5436
https://access.redhat.com/security/cve/CVE-2017-5438
https://access.redhat.com/security/cve/CVE-2017-5439
https://access.redhat.com/security/cve/CVE-2017-5440
https://access.redhat.com/security/cve/CVE-2017-5441
https://access.redhat.com/security/cve/CVE-2017-5442
https://access.redhat.com/security/cve/CVE-2017-5443
https://access.redhat.com/security/cve/CVE-2017-5444
https://access.redhat.com/security/cve/CVE-2017-5445
https://access.redhat.com/security/cve/CVE-2017-5446
https://access.redhat.com/security/cve/CVE-2017-5447
https://access.redhat.com/security/cve/CVE-2017-5449
https://access.redhat.com/security/cve/CVE-2017-5451
https://access.redhat.com/security/cve/CVE-2017-5454
https://access.redhat.com/security/cve/CVE-2017-5459
https://access.redhat.com/security/cve/CVE-2017-5460
https://access.redhat.com/security/cve/CVE-2017-5464
https://access.redhat.com/security/cve/CVE-2017-5465
https://access.redhat.com/security/cve/CVE-2017-5466
https://access.redhat.com/security/cve/CVE-2017-5467
https://access.redhat.com/security/cve/CVE-2017-5469
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2017-13

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZEG19XlSAg2UNWIIRAtnkAJ42Cumlnpe3po36yXR3mVzsxmJ2XgCghdWe
0Z+axK8Ht5GsV7EMQ36fANE=
=5PEe
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue May  9 11:36:47 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 May 2017 07:36:47 -0400
Subject: [RHSA-2017:1204-01] Moderate: java-1.7.0-openjdk security update
Message-ID: <201705091136.v49Balxt000731@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2017:1204-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1204
Issue date:        2017-05-09
CVE Names:         CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 
                   CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise
Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* An untrusted library search path flaw was found in the JCE component of
OpenJDK. A local attacker could possibly use this flaw to cause a Java
application using JCE to load an attacker-controlled library and hence
escalate their privileges. (CVE-2017-3511)

* It was found that the JAXP component of OpenJDK failed to correctly
enforce parse tree size limits when parsing XML document. An attacker able
to make a Java application parse a specially crafted XML document could use
this flaw to make it consume an excessive amount of CPU and memory.
(CVE-2017-3526)

* It was discovered that the HTTP client implementation in the Networking
component of OpenJDK could cache and re-use an NTLM authenticated
connection in a different security context. A remote attacker could
possibly use this flaw to make a Java application perform HTTP requests
authenticated with credentials of a different user. (CVE-2017-3509)

Note: This update adds support for the "jdk.ntlm.cache" system property
which, when set to false, prevents caching of NTLM connections and
authentications and hence prevents this issue. However, caching remains
enabled by default.

* It was discovered that the Security component of OpenJDK did not allow
users to restrict the set of algorithms allowed for Jar integrity
verification. This flaw could allow an attacker to modify content of the
Jar file that used weak signing key or hash algorithm. (CVE-2017-3539)

Note: This updates extends the fix for CVE-2016-5542 released as part of
the RHSA-2016:2658 erratum to no longer allow the MD5 hash algorithm during
the Jar integrity verification by adding it to the
jdk.jar.disabledAlgorithms security property.

* Newline injection flaws were discovered in FTP and SMTP client
implementations in the Networking component in OpenJDK. A remote attacker
could possibly use these flaws to manipulate FTP or SMTP connections
established by a Java application. (CVE-2017-3533, CVE-2017-3544)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1443007 - CVE-2017-3511 OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
1443052 - CVE-2017-3509 OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
1443068 - CVE-2017-3544 OpenJDK: newline injection in the SMTP client (Networking, 8171533)
1443083 - CVE-2017-3533 OpenJDK: newline injection in the FTP client (Networking, 8170222)
1443097 - CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121)
1443252 - CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.i686.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el7_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el7_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.src.rpm

aarch64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm

s390x:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.aarch64.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el7_3.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.ppc64le.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.141-2.6.10.1.el7_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.141-2.6.10.1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3509
https://access.redhat.com/security/cve/CVE-2017-3511
https://access.redhat.com/security/cve/CVE-2017-3526
https://access.redhat.com/security/cve/CVE-2017-3533
https://access.redhat.com/security/cve/CVE-2017-3539
https://access.redhat.com/security/cve/CVE-2017-3544
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2016-2658.html

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZEanFXlSAg2UNWIIRAoJMAJ9bLsFQsGYfHkarqPVONMshpxIQdACgkp6d
mIVvAu3duL2/YPLCrRxF5gQ=
=NkUp
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May  9 18:11:14 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 May 2017 18:11:14 +0000
Subject: [RHSA-2017:1206-01] Important: qemu-kvm security update
Message-ID: <201705091811.v49IBKN4026562@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2017:1206-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1206
Issue date:        2017-05-09
CVE Names:         CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 
                   CVE-2017-7980 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA
emulator's VNC display driver support; the issue could occur when a VNC
client attempted to update its display after a VGA operation is performed
by a guest. A privileged user/process inside a guest could use this flaw to
crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2016-9603)

* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx
VGA Emulator support. The vulnerability could occur while copying VGA data
via various bitblt functions. A privileged user inside a guest could use
this flaw to crash the QEMU process or, potentially, execute arbitrary code
on the host with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds memory access issue was found in QEMU's VNC display
driver support. The vulnerability could occur while refreshing the VNC
display surface area in the 'vnc_refresh_server_surface'. A user/process
inside a guest could use this flaw to crash the QEMU process, resulting in
a denial of service. (CVE-2017-2633)

* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data
using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A
privileged user inside a guest could use this flaw to crash the QEMU
process, resulting in denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc.) and Li Qiang
(Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT
Huawei Inc.) for reporting CVE-2017-7718.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1400438 - CVE-2017-2633 qemu-kvm coredump in vnc_refresh_server_surface [rhel-6.9.z]
1425939 - CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit
1430056 - CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection
1437060 - Fails to build in brew
1443441 - CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
1444371 - CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.3.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.3.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9603
https://access.redhat.com/security/cve/CVE-2017-2633
https://access.redhat.com/security/cve/CVE-2017-7718
https://access.redhat.com/security/cve/CVE-2017-7980
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZEgYwXlSAg2UNWIIRAgfuAKCWBJsunnm64dyq46QyyPNBe2gUlQCgksb1
KjPkg9YSh/Fjd9OnmeyXJXA=
=Xius
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue May  9 18:45:25 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 May 2017 18:45:25 +0000
Subject: [RHSA-2017:1208-01] Important: jasper security update
Message-ID: <201705091845.v49IjWT5029686@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: jasper security update
Advisory ID:       RHSA-2017:1208-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1208
Issue date:        2017-05-09
CVE Names:         CVE-2015-5203 CVE-2015-5221 CVE-2016-10248 
                   CVE-2016-10249 CVE-2016-10251 CVE-2016-1577 
                   CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 
                   CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 
                   CVE-2016-8692 CVE-2016-8693 CVE-2016-8883 
                   CVE-2016-8884 CVE-2016-8885 CVE-2016-9262 
                   CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 
                   CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 
                   CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 
                   CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 
=====================================================================

1. Summary:

An update for jasper is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash
or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560,
CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690,
CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files.
A specially crafted file could cause an application using JasPer to crash.
(CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692,
CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390,
CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583,
CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting
CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo
Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting
CVE-2015-5221.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1254242 - CVE-2015-5203 jasper: integer overflow in jas_image_cmpt_create()
1255710 - CVE-2015-5221 jasper: use-after-free and double-free flaws in mif_process_cmpt()
1298135 - CVE-2016-1867 jasper: out-of-bounds read in jpc_pi_nextcprl()
1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
1314466 - CVE-2016-1577 jasper: double free issue in jas_iccattrval_destroy()
1314472 - CVE-2016-2116 jasper: memory leak in jas_iccprof_createfrombuf()
1385499 - CVE-2016-8690 CVE-2016-8884 CVE-2016-8885 jasper: missing jas_matrix_create() parameter checks
1385502 - CVE-2016-8691 CVE-2016-8692 jasper: missing SIZ marker segment XRsiz and YRsiz fields range check
1385507 - CVE-2016-8693 jasper: incorrect handling of bufsize 0 in mem_resize()
1388840 - CVE-2016-10249 jasper: integer overflow in jas_matrix_create()
1388870 - CVE-2016-8883 jasper: reachable asserts in jpc_dec_tiledecode()
1393882 - CVE-2016-9262 jasper: integer truncation in jas_image_cmpt_create()
1396959 - CVE-2016-9387 jasper: integer overflow in jpc_dec_process_siz()
1396962 - CVE-2016-9388 jasper: reachable assertions in RAS encoder/decoder
1396963 - CVE-2016-9389 jasper: reachable assertions caused by insufficient component domains checks in ICT/RCT in JPC codec
1396965 - CVE-2016-9390 jasper: insufficient SIZ marker tilexoff and tileyoff checks
1396967 - CVE-2016-9391 jasper: reachable assertions in the JPC bitstream code
1396971 - CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 jasper: insufficient SIZ marker segment data sanity checks
1398256 - CVE-2016-9560 jasper: stack-based buffer overflow in jpc_dec_tileinit()
1399167 - CVE-2016-8654 jasper: heap-based buffer overflow in QMFB code in JPC codec
1405148 - CVE-2016-9583 jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
1406405 - CVE-2016-9591 jasper: use-after-free / double-free in JPC encoder
1410026 - CVE-2016-9600 jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
1434447 - CVE-2016-10248 jasper: NULL pointer dereference in jpc_tsfb_synthesize()
1434461 - CVE-2016-10251 jasper: integer overflow in jpc_pi_nextcprl(), leading to out-of-bounds read

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

i386:
jasper-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-utils-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

i386:
jasper-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm

ppc64:
jasper-1.900.1-21.el6_9.ppc64.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc64.rpm
jasper-libs-1.900.1-21.el6_9.ppc.rpm
jasper-libs-1.900.1-21.el6_9.ppc64.rpm

s390x:
jasper-1.900.1-21.el6_9.s390x.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390x.rpm
jasper-libs-1.900.1-21.el6_9.s390.rpm
jasper-libs-1.900.1-21.el6_9.s390x.rpm

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-utils-1.900.1-21.el6_9.i686.rpm

ppc64:
jasper-debuginfo-1.900.1-21.el6_9.ppc.rpm
jasper-debuginfo-1.900.1-21.el6_9.ppc64.rpm
jasper-devel-1.900.1-21.el6_9.ppc.rpm
jasper-devel-1.900.1-21.el6_9.ppc64.rpm
jasper-utils-1.900.1-21.el6_9.ppc64.rpm

s390x:
jasper-debuginfo-1.900.1-21.el6_9.s390.rpm
jasper-debuginfo-1.900.1-21.el6_9.s390x.rpm
jasper-devel-1.900.1-21.el6_9.s390.rpm
jasper-devel-1.900.1-21.el6_9.s390x.rpm
jasper-utils-1.900.1-21.el6_9.s390x.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
jasper-1.900.1-21.el6_9.src.rpm

i386:
jasper-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-1.900.1-21.el6_9.x86_64.rpm
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-libs-1.900.1-21.el6_9.i686.rpm
jasper-libs-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-utils-1.900.1-21.el6_9.i686.rpm

x86_64:
jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm
jasper-devel-1.900.1-21.el6_9.i686.rpm
jasper-devel-1.900.1-21.el6_9.x86_64.rpm
jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

aarch64:
jasper-debuginfo-1.900.1-30.el7_3.aarch64.rpm
jasper-libs-1.900.1-30.el7_3.aarch64.rpm

ppc64:
jasper-debuginfo-1.900.1-30.el7_3.ppc.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64.rpm
jasper-libs-1.900.1-30.el7_3.ppc.rpm
jasper-libs-1.900.1-30.el7_3.ppc64.rpm

ppc64le:
jasper-debuginfo-1.900.1-30.el7_3.ppc64le.rpm
jasper-libs-1.900.1-30.el7_3.ppc64le.rpm

s390x:
jasper-debuginfo-1.900.1-30.el7_3.s390.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390x.rpm
jasper-libs-1.900.1-30.el7_3.s390.rpm
jasper-libs-1.900.1-30.el7_3.s390x.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
jasper-1.900.1-30.el7_3.aarch64.rpm
jasper-debuginfo-1.900.1-30.el7_3.aarch64.rpm
jasper-devel-1.900.1-30.el7_3.aarch64.rpm
jasper-utils-1.900.1-30.el7_3.aarch64.rpm

ppc64:
jasper-1.900.1-30.el7_3.ppc64.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64.rpm
jasper-devel-1.900.1-30.el7_3.ppc.rpm
jasper-devel-1.900.1-30.el7_3.ppc64.rpm
jasper-utils-1.900.1-30.el7_3.ppc64.rpm

ppc64le:
jasper-1.900.1-30.el7_3.ppc64le.rpm
jasper-debuginfo-1.900.1-30.el7_3.ppc64le.rpm
jasper-devel-1.900.1-30.el7_3.ppc64le.rpm
jasper-utils-1.900.1-30.el7_3.ppc64le.rpm

s390x:
jasper-1.900.1-30.el7_3.s390x.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390.rpm
jasper-debuginfo-1.900.1-30.el7_3.s390x.rpm
jasper-devel-1.900.1-30.el7_3.s390.rpm
jasper-devel-1.900.1-30.el7_3.s390x.rpm
jasper-utils-1.900.1-30.el7_3.s390x.rpm

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
jasper-1.900.1-30.el7_3.src.rpm

x86_64:
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-libs-1.900.1-30.el7_3.i686.rpm
jasper-libs-1.900.1-30.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
jasper-1.900.1-30.el7_3.x86_64.rpm
jasper-debuginfo-1.900.1-30.el7_3.i686.rpm
jasper-debuginfo-1.900.1-30.el7_3.x86_64.rpm
jasper-devel-1.900.1-30.el7_3.i686.rpm
jasper-devel-1.900.1-30.el7_3.x86_64.rpm
jasper-utils-1.900.1-30.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5203
https://access.redhat.com/security/cve/CVE-2015-5221
https://access.redhat.com/security/cve/CVE-2016-10248
https://access.redhat.com/security/cve/CVE-2016-10249
https://access.redhat.com/security/cve/CVE-2016-10251
https://access.redhat.com/security/cve/CVE-2016-1577
https://access.redhat.com/security/cve/CVE-2016-1867
https://access.redhat.com/security/cve/CVE-2016-2089
https://access.redhat.com/security/cve/CVE-2016-2116
https://access.redhat.com/security/cve/CVE-2016-8654
https://access.redhat.com/security/cve/CVE-2016-8690
https://access.redhat.com/security/cve/CVE-2016-8691
https://access.redhat.com/security/cve/CVE-2016-8692
https://access.redhat.com/security/cve/CVE-2016-8693
https://access.redhat.com/security/cve/CVE-2016-8883
https://access.redhat.com/security/cve/CVE-2016-8884
https://access.redhat.com/security/cve/CVE-2016-8885
https://access.redhat.com/security/cve/CVE-2016-9262
https://access.redhat.com/security/cve/CVE-2016-9387
https://access.redhat.com/security/cve/CVE-2016-9388
https://access.redhat.com/security/cve/CVE-2016-9389
https://access.redhat.com/security/cve/CVE-2016-9390
https://access.redhat.com/security/cve/CVE-2016-9391
https://access.redhat.com/security/cve/CVE-2016-9392
https://access.redhat.com/security/cve/CVE-2016-9393
https://access.redhat.com/security/cve/CVE-2016-9394
https://access.redhat.com/security/cve/CVE-2016-9560
https://access.redhat.com/security/cve/CVE-2016-9583
https://access.redhat.com/security/cve/CVE-2016-9591
https://access.redhat.com/security/cve/CVE-2016-9600
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZEg4lXlSAg2UNWIIRAuyVAJ9P9L4mLFrCZVWixRk6fXMAasAhMQCgxG8K
H3IC3a7qUw4PxFoXoRVkR5U=
=YNRv
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue May  9 20:53:31 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 May 2017 20:53:31 +0000
Subject: [RHSA-2017:1219-01] Critical: flash-plugin security update
Message-ID: <201705092053.v49KraBQ011635@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2017:1219-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1219
Issue date:        2017-05-09
CVE Names:         CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 
                   CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 
                   CVE-2017-3074 
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update upgrades Flash Player to version 25.0.0.171.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070,
CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1449340 - CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 CVE-2017-3074 flash-plugin: multiple code execution issues fixed in APSB17-15

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-25.0.0.171-1.el6_9.i686.rpm

x86_64:
flash-plugin-25.0.0.171-1.el6_9.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-25.0.0.171-1.el6_9.i686.rpm

x86_64:
flash-plugin-25.0.0.171-1.el6_9.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-25.0.0.171-1.el6_9.i686.rpm

x86_64:
flash-plugin-25.0.0.171-1.el6_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3068
https://access.redhat.com/security/cve/CVE-2017-3069
https://access.redhat.com/security/cve/CVE-2017-3070
https://access.redhat.com/security/cve/CVE-2017-3071
https://access.redhat.com/security/cve/CVE-2017-3072
https://access.redhat.com/security/cve/CVE-2017-3073
https://access.redhat.com/security/cve/CVE-2017-3074
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb17-15.html

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZEiw3XlSAg2UNWIIRAhaeAJ4mcuUFYqalURuxtRIkDAj18bhKngCdEmXc
RbVXnEIBVk91J3+sVOK5H5c=
=PsAM
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed May 10 13:17:21 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 May 2017 13:17:21 +0000
Subject: [RHSA-2017:1220-01] Moderate: java-1.8.0-ibm security update
Message-ID: <201705101317.v4ADHQX7002105@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-ibm security update
Advisory ID:       RHSA-2017:1220-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1220
Issue date:        2017-05-10
CVE Names:         CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 
                   CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 
                   CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 
                   CVE-2017-3544 
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux
6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR4-FP5.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security Vulnerabilities
page, listed in the References section. (CVE-2016-9840, CVE-2016-9841,
CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511,
CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1402345 - CVE-2016-9840 zlib: Out-of-bounds pointer arithmetic in inftrees.c
1402346 - CVE-2016-9841 zlib: Out-of-bounds pointer arithmetic in inffast.c
1402348 - CVE-2016-9842 zlib: Undefined left shift of negative number
1402351 - CVE-2016-9843 zlib: Big-endian out-of-bounds pointer
1443007 - CVE-2017-3511 OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
1443052 - CVE-2017-3509 OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
1443068 - CVE-2017-3544 OpenJDK: newline injection in the SMTP client (Networking, 8171533)
1443083 - CVE-2017-3533 OpenJDK: newline injection in the FTP client (Networking, 8170222)
1443097 - CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121)
1449603 - CVE-2017-1289 IBM JDK: XML External Entity Injection (XXE) error when processing XML data

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.i686.rpm

ppc64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.ppc64.rpm

s390x:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.s390x.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9.i686.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.ppc.rpm
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.ppc.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.s390.rpm
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.s390.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3.s390x.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.i686.rpm
java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9840
https://access.redhat.com/security/cve/CVE-2016-9841
https://access.redhat.com/security/cve/CVE-2016-9842
https://access.redhat.com/security/cve/CVE-2016-9843
https://access.redhat.com/security/cve/CVE-2017-1289
https://access.redhat.com/security/cve/CVE-2017-3509
https://access.redhat.com/security/cve/CVE-2017-3511
https://access.redhat.com/security/cve/CVE-2017-3533
https://access.redhat.com/security/cve/CVE-2017-3539
https://access.redhat.com/security/cve/CVE-2017-3544
https://access.redhat.com/security/updates/classification/#moderate
https://developer.ibm.com/javasdk/support/security-vulnerabilities/

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZExGGXlSAg2UNWIIRAs8MAJsFEQFUYclvB6VisGhQIgJXtCal3gCgwxzD
czTnU1Fy416wYqQqvch4d1A=
=gwgM
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed May 10 13:19:01 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 May 2017 13:19:01 +0000
Subject: [RHSA-2017:1221-01] Moderate: java-1.7.1-ibm security update
Message-ID: <201705101319.v4ADJ8RS002179@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.7.1-ibm security update
Advisory ID:       RHSA-2017:1221-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1221
Issue date:        2017-05-10
CVE Names:         CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 
                   CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 
                   CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 
                   CVE-2017-3544 
=====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux
6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment
and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security Vulnerabilities
page, listed in the References section. (CVE-2016-9840, CVE-2016-9841,
CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511,
CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1402345 - CVE-2016-9840 zlib: Out-of-bounds pointer arithmetic in inftrees.c
1402346 - CVE-2016-9841 zlib: Out-of-bounds pointer arithmetic in inffast.c
1402348 - CVE-2016-9842 zlib: Undefined left shift of negative number
1402351 - CVE-2016-9843 zlib: Big-endian out-of-bounds pointer
1443007 - CVE-2017-3511 OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
1443052 - CVE-2017-3509 OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
1443068 - CVE-2017-3544 OpenJDK: newline injection in the SMTP client (Networking, 8171533)
1443083 - CVE-2017-3533 OpenJDK: newline injection in the FTP client (Networking, 8170222)
1443097 - CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121)
1449603 - CVE-2017-1289 IBM JDK: XML External Entity Injection (XXE) error when processing XML data

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.ppc64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.s390x.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.ppc.rpm
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.1.el7_3.ppc.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3.ppc64.rpm

ppc64le:
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3.ppc64le.rpm

s390x:
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.s390.rpm
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.s390.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3.s390x.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9840
https://access.redhat.com/security/cve/CVE-2016-9841
https://access.redhat.com/security/cve/CVE-2016-9842
https://access.redhat.com/security/cve/CVE-2016-9843
https://access.redhat.com/security/cve/CVE-2017-1289
https://access.redhat.com/security/cve/CVE-2017-3509
https://access.redhat.com/security/cve/CVE-2017-3511
https://access.redhat.com/security/cve/CVE-2017-3533
https://access.redhat.com/security/cve/CVE-2017-3539
https://access.redhat.com/security/cve/CVE-2017-3544
https://access.redhat.com/security/updates/classification/#moderate
https://developer.ibm.com/javasdk/support/security-vulnerabilities/

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZExMmXlSAg2UNWIIRAsSaAJ9BSHpn/c8kQOf7q3XZPP/oVIm5EgCgocMr
XdQD+0ZfMYHkp0Tux+KrLuY=
=uGgE
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed May 10 13:20:02 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 May 2017 13:20:02 +0000
Subject: [RHSA-2017:1222-01] Moderate: java-1.6.0-ibm security update
Message-ID: <201705101320.v4ADKH2r002274@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.6.0-ibm security update
Advisory ID:       RHSA-2017:1222-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1222
Issue date:        2017-05-10
CVE Names:         CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 
                   CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 
                   CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 
=====================================================================

1. Summary:

An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux
6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 6 to version 6 SR16-FP45.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security Vulnerabilities
page, listed in the References section. (CVE-2016-9840, CVE-2016-9841,
CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3533,
CVE-2017-3539, CVE-2017-3544)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1402345 - CVE-2016-9840 zlib: Out-of-bounds pointer arithmetic in inftrees.c
1402346 - CVE-2016-9841 zlib: Out-of-bounds pointer arithmetic in inffast.c
1402348 - CVE-2016-9842 zlib: Undefined left shift of negative number
1402351 - CVE-2016-9843 zlib: Big-endian out-of-bounds pointer
1443052 - CVE-2017-3509 OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
1443068 - CVE-2017-3544 OpenJDK: newline injection in the SMTP client (Networking, 8171533)
1443083 - CVE-2017-3533 OpenJDK: newline injection in the FTP client (Networking, 8170222)
1443097 - CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121)
1449603 - CVE-2017-1289 IBM JDK: XML External Entity Injection (XXE) error when processing XML data

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9840
https://access.redhat.com/security/cve/CVE-2016-9841
https://access.redhat.com/security/cve/CVE-2016-9842
https://access.redhat.com/security/cve/CVE-2016-9843
https://access.redhat.com/security/cve/CVE-2017-1289
https://access.redhat.com/security/cve/CVE-2017-3509
https://access.redhat.com/security/cve/CVE-2017-3533
https://access.redhat.com/security/cve/CVE-2017-3539
https://access.redhat.com/security/cve/CVE-2017-3544
https://access.redhat.com/security/updates/classification/#moderate
https://developer.ibm.com/javasdk/support/security-vulnerabilities/

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZExNdXlSAg2UNWIIRAkMaAKCg0d0cYrmQd4Qrx0ywKxPbV71x9wCeIoNq
cuW3HDm2eBB0IjxK/Or+xF8=
=zKQZ
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu May 11 16:29:26 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 May 2017 16:29:26 +0000
Subject: [RHSA-2017:1228-01] Important: chromium-browser security update
Message-ID: <201705111629.v4BGTVsa017824@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2017:1228-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1228
Issue date:        2017-05-11
CVE Names:         CVE-2017-5068 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 58.0.3029.96.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Chromium to crash, execute
arbitrary code, or disclose sensitive information when visited by the
victim. (CVE-2017-5068)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1448031 - CVE-2017-5068 chromium-browser: race condition in webrtc

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm

x86_64:
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm

x86_64:
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm

x86_64:
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-5068
https://access.redhat.com/security/updates/classification/#important
https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZFJFMXlSAg2UNWIIRAtjDAJwIXjcTHRZjHJfKlOYLjl35yL1CsQCfVR4Y
3I/wzStk0yuQ+NRPDE3XU0I=
=ysSV
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Fri May 12 10:21:49 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 May 2017 06:21:49 -0400
Subject: [RHSA-2017:1230-01] Important: ghostscript security update
Message-ID: <201705121021.v4CALnMs019995@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ghostscript security update
Advisory ID:       RHSA-2017:1230-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1230
Issue date:        2017-05-12
CVE Names:         CVE-2017-8291 
=====================================================================

1. Summary:

An update for ghostscript is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Ghostscript suite contains utilities for rendering PostScript and PDF
documents. Ghostscript translates PostScript code to common bitmap formats
so that the code can be displayed or printed.

Security Fix(es):

* It was found that ghostscript did not properly validate the parameters
passed to the .rsdparams and .eqproc functions. During its execution, a
specially crafted PostScript document could execute code in the context of
the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1446063 - CVE-2017-8291 ghostscript: corruption of operand stack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ghostscript-8.70-23.el6_9.2.src.rpm

i386:
ghostscript-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm

x86_64:
ghostscript-8.70-23.el6_9.2.i686.rpm
ghostscript-8.70-23.el6_9.2.x86_64.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-devel-8.70-23.el6_9.2.i686.rpm
ghostscript-doc-8.70-23.el6_9.2.i686.rpm
ghostscript-gtk-8.70-23.el6_9.2.i686.rpm

x86_64:
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm
ghostscript-devel-8.70-23.el6_9.2.i686.rpm
ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm
ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm
ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ghostscript-8.70-23.el6_9.2.src.rpm

x86_64:
ghostscript-8.70-23.el6_9.2.i686.rpm
ghostscript-8.70-23.el6_9.2.x86_64.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm
ghostscript-devel-8.70-23.el6_9.2.i686.rpm
ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm
ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm
ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ghostscript-8.70-23.el6_9.2.src.rpm

i386:
ghostscript-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm

ppc64:
ghostscript-8.70-23.el6_9.2.ppc.rpm
ghostscript-8.70-23.el6_9.2.ppc64.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.ppc.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.ppc64.rpm

s390x:
ghostscript-8.70-23.el6_9.2.s390.rpm
ghostscript-8.70-23.el6_9.2.s390x.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.s390.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.s390x.rpm

x86_64:
ghostscript-8.70-23.el6_9.2.i686.rpm
ghostscript-8.70-23.el6_9.2.x86_64.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-devel-8.70-23.el6_9.2.i686.rpm
ghostscript-doc-8.70-23.el6_9.2.i686.rpm
ghostscript-gtk-8.70-23.el6_9.2.i686.rpm

ppc64:
ghostscript-debuginfo-8.70-23.el6_9.2.ppc.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.ppc64.rpm
ghostscript-devel-8.70-23.el6_9.2.ppc.rpm
ghostscript-devel-8.70-23.el6_9.2.ppc64.rpm
ghostscript-doc-8.70-23.el6_9.2.ppc64.rpm
ghostscript-gtk-8.70-23.el6_9.2.ppc64.rpm

s390x:
ghostscript-debuginfo-8.70-23.el6_9.2.s390.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.s390x.rpm
ghostscript-devel-8.70-23.el6_9.2.s390.rpm
ghostscript-devel-8.70-23.el6_9.2.s390x.rpm
ghostscript-doc-8.70-23.el6_9.2.s390x.rpm
ghostscript-gtk-8.70-23.el6_9.2.s390x.rpm

x86_64:
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm
ghostscript-devel-8.70-23.el6_9.2.i686.rpm
ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm
ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm
ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ghostscript-8.70-23.el6_9.2.src.rpm

i386:
ghostscript-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm

x86_64:
ghostscript-8.70-23.el6_9.2.i686.rpm
ghostscript-8.70-23.el6_9.2.x86_64.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-devel-8.70-23.el6_9.2.i686.rpm
ghostscript-doc-8.70-23.el6_9.2.i686.rpm
ghostscript-gtk-8.70-23.el6_9.2.i686.rpm

x86_64:
ghostscript-debuginfo-8.70-23.el6_9.2.i686.rpm
ghostscript-debuginfo-8.70-23.el6_9.2.x86_64.rpm
ghostscript-devel-8.70-23.el6_9.2.i686.rpm
ghostscript-devel-8.70-23.el6_9.2.x86_64.rpm
ghostscript-doc-8.70-23.el6_9.2.x86_64.rpm
ghostscript-gtk-8.70-23.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
ghostscript-9.07-20.el7_3.5.src.rpm

x86_64:
ghostscript-9.07-20.el7_3.5.i686.rpm
ghostscript-9.07-20.el7_3.5.x86_64.rpm
ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ghostscript-doc-9.07-20.el7_3.5.noarch.rpm

x86_64:
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm
ghostscript-devel-9.07-20.el7_3.5.i686.rpm
ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm
ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ghostscript-9.07-20.el7_3.5.src.rpm

x86_64:
ghostscript-9.07-20.el7_3.5.i686.rpm
ghostscript-9.07-20.el7_3.5.x86_64.rpm
ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ghostscript-doc-9.07-20.el7_3.5.noarch.rpm

x86_64:
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm
ghostscript-devel-9.07-20.el7_3.5.i686.rpm
ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm
ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ghostscript-9.07-20.el7_3.5.src.rpm

aarch64:
ghostscript-9.07-20.el7_3.5.aarch64.rpm
ghostscript-cups-9.07-20.el7_3.5.aarch64.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.aarch64.rpm

ppc64:
ghostscript-9.07-20.el7_3.5.ppc.rpm
ghostscript-9.07-20.el7_3.5.ppc64.rpm
ghostscript-cups-9.07-20.el7_3.5.ppc64.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.ppc.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.ppc64.rpm

ppc64le:
ghostscript-9.07-20.el7_3.5.ppc64le.rpm
ghostscript-cups-9.07-20.el7_3.5.ppc64le.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.ppc64le.rpm

s390x:
ghostscript-9.07-20.el7_3.5.s390.rpm
ghostscript-9.07-20.el7_3.5.s390x.rpm
ghostscript-cups-9.07-20.el7_3.5.s390x.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.s390.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.s390x.rpm

x86_64:
ghostscript-9.07-20.el7_3.5.i686.rpm
ghostscript-9.07-20.el7_3.5.x86_64.rpm
ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
ghostscript-debuginfo-9.07-20.el7_3.5.aarch64.rpm
ghostscript-devel-9.07-20.el7_3.5.aarch64.rpm
ghostscript-gtk-9.07-20.el7_3.5.aarch64.rpm

noarch:
ghostscript-doc-9.07-20.el7_3.5.noarch.rpm

ppc64:
ghostscript-debuginfo-9.07-20.el7_3.5.ppc.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.ppc64.rpm
ghostscript-devel-9.07-20.el7_3.5.ppc.rpm
ghostscript-devel-9.07-20.el7_3.5.ppc64.rpm
ghostscript-gtk-9.07-20.el7_3.5.ppc64.rpm

ppc64le:
ghostscript-debuginfo-9.07-20.el7_3.5.ppc64le.rpm
ghostscript-devel-9.07-20.el7_3.5.ppc64le.rpm
ghostscript-gtk-9.07-20.el7_3.5.ppc64le.rpm

s390x:
ghostscript-debuginfo-9.07-20.el7_3.5.s390.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.s390x.rpm
ghostscript-devel-9.07-20.el7_3.5.s390.rpm
ghostscript-devel-9.07-20.el7_3.5.s390x.rpm
ghostscript-gtk-9.07-20.el7_3.5.s390x.rpm

x86_64:
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm
ghostscript-devel-9.07-20.el7_3.5.i686.rpm
ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm
ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ghostscript-9.07-20.el7_3.5.src.rpm

x86_64:
ghostscript-9.07-20.el7_3.5.i686.rpm
ghostscript-9.07-20.el7_3.5.x86_64.rpm
ghostscript-cups-9.07-20.el7_3.5.x86_64.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
ghostscript-doc-9.07-20.el7_3.5.noarch.rpm

x86_64:
ghostscript-debuginfo-9.07-20.el7_3.5.i686.rpm
ghostscript-debuginfo-9.07-20.el7_3.5.x86_64.rpm
ghostscript-devel-9.07-20.el7_3.5.i686.rpm
ghostscript-devel-9.07-20.el7_3.5.x86_64.rpm
ghostscript-gtk-9.07-20.el7_3.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8291
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZFYy0XlSAg2UNWIIRAipXAJ4rcg5WDTUPj1FZHorIBKq2r8ku/wCgnP4U
LZENSjSfcYRRl+hf4pfol10=
=6EN3
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May 16 09:46:32 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 May 2017 05:46:32 -0400
Subject: [RHSA-2017:1232-01] Important: kernel security update
Message-ID: <201705160946.v4G9kW5R028865@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2017:1232-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1232
Issue date:        2017-05-16
CVE Names:         CVE-2017-2636 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.5) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A race condition flaw was found in the N_HLDC Linux kernel driver when
accessing n_hdlc.tbuf list that can lead to double free. A local,
unprivileged user able to set the HDLC line discipline on the tty device
could use this flaw to increase their privileges on the system.
(CVE-2017-2636, Important)

Red Hat would like to thank Alexander Popov for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1428319 - CVE-2017-2636 kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
kernel-2.6.32-431.80.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.80.1.el6.noarch.rpm
kernel-doc-2.6.32-431.80.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.80.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.80.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.80.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.80.1.el6.x86_64.rpm
perf-2.6.32-431.80.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.5):

Source:
kernel-2.6.32-431.80.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.80.1.el6.noarch.rpm
kernel-doc-2.6.32-431.80.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.80.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.80.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.80.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.80.1.el6.x86_64.rpm
perf-2.6.32-431.80.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
kernel-2.6.32-431.80.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.80.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
python-perf-2.6.32-431.80.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.5):

Source:
kernel-2.6.32-431.80.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.80.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
python-perf-2.6.32-431.80.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2636
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZGspzXlSAg2UNWIIRAubcAJ9cXSGWdtUjeU0K279k4rFFTOaRTgCgrAWq
+frrJk+ZjKEhrR82USNhFhs=
=k4fV
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May 16 11:19:19 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 May 2017 07:19:19 -0400
Subject: [RHSA-2017:1233-01] Important: kernel security update
Message-ID: <201705161119.v4GBJJPa007109@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2017:1233-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1233
Issue date:        2017-05-16
CVE Names:         CVE-2017-2636 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A race condition flaw was found in the N_HLDC Linux kernel driver when
accessing n_hdlc.tbuf list that can lead to double free. A local,
unprivileged user able to set the HDLC line discipline on the tty device
could use this flaw to increase their privileges on the system.
(CVE-2017-2636, Important)

Red Hat would like to thank Alexander Popov for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1428319 - CVE-2017-2636 kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.42.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.42.1.el6.noarch.rpm
kernel-doc-2.6.32-573.42.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.42.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.42.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.42.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.42.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.42.1.el6.x86_64.rpm
perf-2.6.32-573.42.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.42.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
python-perf-2.6.32-573.42.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.42.1.el6.src.rpm

i386:
kernel-2.6.32-573.42.1.el6.i686.rpm
kernel-debug-2.6.32-573.42.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.42.1.el6.i686.rpm
kernel-devel-2.6.32-573.42.1.el6.i686.rpm
kernel-headers-2.6.32-573.42.1.el6.i686.rpm
perf-2.6.32-573.42.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.42.1.el6.noarch.rpm
kernel-doc-2.6.32-573.42.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.42.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.42.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.42.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.42.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.42.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.42.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.42.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.42.1.el6.ppc64.rpm
perf-2.6.32-573.42.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.42.1.el6.s390x.rpm
kernel-debug-2.6.32-573.42.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.42.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.42.1.el6.s390x.rpm
kernel-devel-2.6.32-573.42.1.el6.s390x.rpm
kernel-headers-2.6.32-573.42.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.42.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.42.1.el6.s390x.rpm
perf-2.6.32-573.42.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.42.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.42.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.42.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.42.1.el6.x86_64.rpm
perf-2.6.32-573.42.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.42.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm
python-perf-2.6.32-573.42.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.42.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm
python-perf-2.6.32-573.42.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.42.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.42.1.el6.s390x.rpm
python-perf-2.6.32-573.42.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.42.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm
python-perf-2.6.32-573.42.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.42.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2636
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZGuA1XlSAg2UNWIIRAhAKAJ4/G54k7Fu4g0QQQbpS7l062zoxYACfRFwg
BJxvc92xYnFsEjpn+Sk1VlA=
=tR3h
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Wed May 17 17:40:18 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 May 2017 17:40:18 +0000
Subject: [RHSA-2017:1244-01] Important: ansible and openshift-ansible security
	and bug fix update
Message-ID: <201705171740.v4HHeMtl002648@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ansible and openshift-ansible security and bug fix update
Advisory ID:       RHSA-2017:1244-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1244
Issue date:        2017-05-17
CVE Names:         CVE-2017-7466 CVE-2017-7481 
=====================================================================

1. Summary:

Updated atomic-openshift-utils and openshift-ansible packages that fix two
security issues and several bugs are now available for OpenShift Container
Platform 3.5, 3.4, 3.3, and 3.2.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.2 - noarch
Red Hat OpenShift Container Platform 3.3 - noarch
Red Hat OpenShift Container Platform 3.4 - noarch
Red Hat OpenShift Container Platform 3.5 - noarch

3. Description:

Red Hat OpenShift Container Platform is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

Ansible is a SSH-based configuration management, deployment, and task
execution system. The openshift-ansible packages contain Ansible code and
playbooks for installing and upgrading OpenShift Container Platform 3.

Security Fix(es):

* An input validation vulnerability was found in Ansible's handling of data
sent from client systems. An attacker with control over a client system
being managed by Ansible, and the ability to send facts back to the Ansible
server, could use this flaw to execute arbitrary code on the Ansible server
using the Ansible server privileges. (CVE-2017-7466)

* Ansible fails to properly mark lookup() results as unsafe,
if an attacker can control the results of lookup() calls they can inject
unicode strings which may then be parsed by the jinja2 templating system
resulting in code execution. (CVE-2017-7481)

This update also fixes the following bugs:

* The installer could fail to add iptables rules if other iptables rules
were being updated at the same time. This bug fix updates the installer to
wait to obtain a lock when updating iptables rules, ensuring that rules are
properly created. (BZ#1445194, BZ#1445282)

* In multi-master environments, if `ansible_host` and `openshift_hostname`
values differ and Ansible sorts one of the lists differently from the
other, then the CA host may be the first master but it was still signing
the initial certificates with the host names of the first master. By
ensuring that the host names of the CA host are used when creating the
certificate authority, this bug fix ensures that the certificates are
signed with the correct host names. (BZ#1447399, BZ#1440309, BZ#1447398)

* Running Ansible via `batch` systems like the `nohup` command caused
Ansible to leak file descriptors and abort playbooks whenever the maximum
number of open file descriptors was reached. Ansible 2.2.3.0 includes a fix
for this problem, and OCP channels have been updated to include this
version. (BZ#1439277)

* The OCP 3.4 logging stack upgraded the schema to use the common standard
logging data model. However, some of the Elasticsearch and Kibana
configuration to use this schema was missing. This caused Kibana to show an
error message upon startup. This bug fix adds the correct Elasticsearch and
Kibana configuration to the logging stack, including during upgrade from
OCP 3.3 to 3.4, and from 3.4.x to 3.4.y. As a result, Kibana works
correctly with the new logging data schema. (BZ#1444106)

* Because the upgrade playbooks upgraded packages in a serial manner rather
than all at once, yum dependency resolution would have installed the latest
version available in the enabled repositories rather than the requested
version. This bug fix updates the playbooks to upgrade all packages to the
requested version at once, which prevents yum from potentially upgrading to
the latest version. (BZ#1391325, BZ#1449220, BZ#1449221) 

* In an environment utilizing mixed containerized and RPM based
installation methods, the installer would fail to gather facts when a
master and node used different installation methods. This bug fix updates
the installer to ensure mixed installations work properly. (BZ#1408663)

* Previously, if `enable_excluders=false` was set the playbooks would still
install and upgrade the excluders during the config.yml playbook even if
the excluders were never previously installed. With this bug fix, if the
excluders were not previously installed, the playbooks will avoid
installing them. (BZ#1434679)

* Previously, the playbooks would abort if a namespace had non-ASCII
characters in their descriptions. This bug fix updates the playbooks to
properly decode unicode characters ensuring that upgrades to OCP 3.5 work
as expected. (BZ#1444806)

All OpenShift Container Platform users are advised to upgrade to these
updated packages.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To apply this update, run the following on all hosts where you intend to
initiate Ansible-based installation or upgrade procedures:

# yum update atomic-openshift-utils

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1391325 - [3.5] openshift_pkg_version doesn't seem to work
1408663 - [3.4] facts collection for openshift.common.admin_binary does not seem to work in mixed environments
1418032 - [3.2] Update router and registry certificates in the redeploy-certificates.yml
1422541 - [3.5] [quick installer]Installer get stuck at "Gathering information from hosts..." if bad hostname checked
1434679 - [3.5] openshift-ansible should do nothing to existed excluders when set "enable_excluders=false"
1439212 - CVE-2017-7466 ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587)
1439277 - Ansible Install is unable to complete install due to module losing issues.
1440309 - [3.4] Post-install, master certs signed for wrong name
1444106 - [3.4 Backport] openshift users encountered confirmation "Apply these filters?" when switching between index list populated in the left panel on kibana
1444806 - [3.5] Unable to run upgrade playbook
1445194 - [3.4] Installer fails to add/check iptables rule due to lock on xtables
1445282 - [3.3] Installer fails to add/check iptables rule due to lock on xtables
1446741 - [3.4] Redeploy certificates fails with custom openshift_hosted_router_certificate
1446745 - [3.3] Redeploy certificates fails with custom openshift_hosted_router_certificate
1447398 - [3.3] Post-install, master certs signed for wrong name
1447399 - [3.5] Post-install, master certs signed for wrong name
1448842 - Installing Openshift Container Platform 3.5 returns an error on Play 11/28 (Disable excluders)
1449220 - [3.4] openshift_pkg_version doesn't seem to work
1449221 - [3.3] openshift_pkg_version doesn't seem to work
1450018 - CVE-2017-7481 ansible: Security issue with lookup return not tainting the jinja2 environment
1450412 - [3.4] Installing containerized using the 3.4 playbooks may install other versions
1450415 - [3.3] Installing containerized using the 3.3 playbooks may install other versions

6. Package List:

Red Hat OpenShift Container Platform 3.2:

Source:
ansible-2.2.3.0-1.el7.src.rpm
openshift-ansible-3.2.56-1.git.0.b844ab7.el7.src.rpm

noarch:
ansible-2.2.3.0-1.el7.noarch.rpm
atomic-openshift-utils-3.2.56-1.git.0.b844ab7.el7.noarch.rpm
openshift-ansible-3.2.56-1.git.0.b844ab7.el7.noarch.rpm
openshift-ansible-docs-3.2.56-1.git.0.b844ab7.el7.noarch.rpm
openshift-ansible-filter-plugins-3.2.56-1.git.0.b844ab7.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.2.56-1.git.0.b844ab7.el7.noarch.rpm
openshift-ansible-playbooks-3.2.56-1.git.0.b844ab7.el7.noarch.rpm
openshift-ansible-roles-3.2.56-1.git.0.b844ab7.el7.noarch.rpm

Red Hat OpenShift Container Platform 3.3:

Source:
ansible-2.2.3.0-1.el7.src.rpm
openshift-ansible-3.3.82-1.git.0.af0c922.el7.src.rpm

noarch:
ansible-2.2.3.0-1.el7.noarch.rpm
atomic-openshift-utils-3.3.82-1.git.0.af0c922.el7.noarch.rpm
openshift-ansible-3.3.82-1.git.0.af0c922.el7.noarch.rpm
openshift-ansible-callback-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm
openshift-ansible-docs-3.3.82-1.git.0.af0c922.el7.noarch.rpm
openshift-ansible-filter-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm
openshift-ansible-playbooks-3.3.82-1.git.0.af0c922.el7.noarch.rpm
openshift-ansible-roles-3.3.82-1.git.0.af0c922.el7.noarch.rpm

Red Hat OpenShift Container Platform 3.4:

Source:
ansible-2.2.3.0-1.el7.src.rpm
openshift-ansible-3.4.89-1.git.0.ac29ce8.el7.src.rpm

noarch:
ansible-2.2.3.0-1.el7.noarch.rpm
atomic-openshift-utils-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm
openshift-ansible-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm
openshift-ansible-callback-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm
openshift-ansible-docs-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm
openshift-ansible-filter-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm
openshift-ansible-playbooks-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm
openshift-ansible-roles-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm

Red Hat OpenShift Container Platform 3.5:

Source:
ansible-2.2.3.0-1.el7.src.rpm
openshift-ansible-3.5.71-1.git.0.128c2db.el7.src.rpm

noarch:
ansible-2.2.3.0-1.el7.noarch.rpm
atomic-openshift-utils-3.5.71-1.git.0.128c2db.el7.noarch.rpm
openshift-ansible-3.5.71-1.git.0.128c2db.el7.noarch.rpm
openshift-ansible-callback-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm
openshift-ansible-docs-3.5.71-1.git.0.128c2db.el7.noarch.rpm
openshift-ansible-filter-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm
openshift-ansible-lookup-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm
openshift-ansible-playbooks-3.5.71-1.git.0.128c2db.el7.noarch.rpm
openshift-ansible-roles-3.5.71-1.git.0.128c2db.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7466
https://access.redhat.com/security/cve/CVE-2017-7481
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZHIsFXlSAg2UNWIIRAuB1AJ9F/QzE7KWxmeObPZ4D1cr+b+kEDACghefR
WrXYiGid1xP2VEDz+gniRjk=
=Z/cV
-----END PGP SIGNATURE-----




From fleite at redhat.com  Wed May 17 19:48:32 2017
From: fleite at redhat.com (Fabio Olive Leite)
Date: Wed, 17 May 2017 16:48:32 -0300
Subject: MAILING LIST SHUTDOWN NOTIFICATION
Message-ID: <10808fc7-9f2a-de6f-72a0-53e6d2735356@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ERRATA MAILING LIST SHUTDOWN NOTIFICATION

This is a notification to inform all subscribers that on May 31st 2017
the rhev-watch-list, enterprise-watch-list and jboss-watch-list mailing
lists will be disabled by Red Hat Product Security, and no additional
Security Advisory notifications will be sent to them.  The blog post
linked below contains information about this change and the many
alternatives available for receiving security errata notifications.

https://access.redhat.com/blogs/product-security/posts/rhsa-announce

In summary, the rhsa-announce mailing list will remain operational and
has been enhanced with Topics support, so that it can provide the same
level of granularity for the advisories delivered to subscribers as the
individual lists being disabled, with benefits.

For any concerns regarding the shutdown of these mailing lists, please
reach out to Red Hat Product Security at <secalert at redhat.com>.

Fabio Olive Leite
Red Hat Product Security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZHKajXlSAg2UNWIIRApryAKCQVRnghMBJe4xjNkUY82Mr9vDD0wCgwcOc
qwqVW3KUeLd82EkQnbV125c=
=f6hd
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Wed May 17 20:04:31 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 May 2017 20:04:31 +0000
Subject: [RHSA-2017:1242-01] Important: Red Hat OpenStack Platform director
	security update
Message-ID: <201705172004.v4HK4dZq020885@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform director security update
Advisory ID:       RHSA-2017:1242-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1242
Issue date:        2017-05-17
CVE Names:         CVE-2017-2637 
=====================================================================

1. Summary:

An update is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - noarch

3. Description:

Red Hat OpenStack Platform director provides the facilities for deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
based on Red Hat OpenStack Platform.

Security Fix(es):

* A design flaw issue was found in the Red Hat OpenStack Platform director
use of TripleO to enable libvirtd based live-migration. Libvirtd is
deployed by default (by director) listening on 0.0.0.0 (all interfaces)
with no-authentication or encryption. Anyone able to make a TCP connection
to any compute host IP address, including 127.0.0.1, other loopback
interface addresses, or in some cases possibly addresses that have been
exposed beyond the management interface, could use this to open a virsh
session to the libvirtd instance and gain control of virtual machine
instances or possibly take over the host. (CVE-2017-2637)

A KCS article with more information on this flaw is available at:
https://access.redhat.com/solutions/3022771

This issue was discovered by David Gurtner (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1416228 - rhosp-director:   Failed to minor update overcloud - fails before running yum update.
1428017 - Package update fails in the compute node
1428240 - CVE-2017-2637 rhosp-director:libvirtd is deployed with no authentication
1437016 - tripleo client stuck in IN_PROGRESS in overcloud update run
1441982 - [UPDATES] Update of mod_ssl package prevents haproxy from starting
1448062 - Unable to log in  via SSH to compute nodes with the heat-admin user

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
openstack-nova-14.0.3-9.el7ost.src.rpm
openstack-tripleo-common-5.4.1-6.el7ost.src.rpm
openstack-tripleo-heat-templates-5.2.0-15.el7ost.src.rpm
openstack-tripleo-puppet-elements-5.2.0-3.el7ost.src.rpm
puppet-nova-9.5.0-4.el7ost.src.rpm
puppet-tripleo-5.5.0-12.el7ost.src.rpm

noarch:
openstack-nova-14.0.3-9.el7ost.noarch.rpm
openstack-nova-api-14.0.3-9.el7ost.noarch.rpm
openstack-nova-cells-14.0.3-9.el7ost.noarch.rpm
openstack-nova-cert-14.0.3-9.el7ost.noarch.rpm
openstack-nova-common-14.0.3-9.el7ost.noarch.rpm
openstack-nova-compute-14.0.3-9.el7ost.noarch.rpm
openstack-nova-conductor-14.0.3-9.el7ost.noarch.rpm
openstack-nova-console-14.0.3-9.el7ost.noarch.rpm
openstack-nova-migration-14.0.3-9.el7ost.noarch.rpm
openstack-nova-network-14.0.3-9.el7ost.noarch.rpm
openstack-nova-novncproxy-14.0.3-9.el7ost.noarch.rpm
openstack-nova-placement-api-14.0.3-9.el7ost.noarch.rpm
openstack-nova-scheduler-14.0.3-9.el7ost.noarch.rpm
openstack-nova-serialproxy-14.0.3-9.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-14.0.3-9.el7ost.noarch.rpm
openstack-tripleo-common-5.4.1-6.el7ost.noarch.rpm
openstack-tripleo-heat-templates-5.2.0-15.el7ost.noarch.rpm
openstack-tripleo-puppet-elements-5.2.0-3.el7ost.noarch.rpm
puppet-nova-9.5.0-4.el7ost.noarch.rpm
puppet-tripleo-5.5.0-12.el7ost.noarch.rpm
python-nova-14.0.3-9.el7ost.noarch.rpm
python-nova-tests-14.0.3-9.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2637
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/solutions/3022771

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZHKy0XlSAg2UNWIIRAhYVAJwJMjnUoX6Hl8sgs0wY4ZepJu3/kQCdGgv/
pNRoNoUPPfjxunvqXVfyL8g=
=jpAm
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed May 17 20:06:35 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 May 2017 20:06:35 +0000
Subject: [RHSA-2017:1243-01] Moderate: openstack-heat security, bug fix,
	and enhancement update
Message-ID: <201705172006.v4HK6e0G021349@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-heat security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1243-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1243
Issue date:        2017-05-17
CVE Names:         CVE-2017-2621 
=====================================================================

1. Summary:

An update for openstack-heat is now available for Red Hat OpenStack
Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - noarch

3. Description:

OpenStack Orchestration (heat) is a template-driven engine used to specify
and deploy configurations for Compute, Storage, and OpenStack Networking.
The service can be used to automate post-deployment actions, which in turn
allows automated provisioning of infrastructure, services, and
applications. Additionally, Orchestration can be integrated with Telemetry
alarms to implement auto-scaling for certain infrastructure resources.

The following packages have been upgraded to a later upstream version:
openstack-heat (7.0.2). (BZ#1431258)

Security Fix(es):

* An access-control flaw was found in the OpenStack Orchestration (heat)
service where a service log directory was improperly made world readable. A
malicious system user could exploit this flaw to access sensitive
information. (CVE-2017-2621)

Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1420990 - CVE-2017-2621 openstack-heat: /var/log/heat/ is world readable
1424578 - Heat doesn't inject personality files on rebuild
1424886 - Password written in clear text in heat-api.log with DEBUG mode [openstack-10]
1428632 - OpenStack Heat may fail to connect keystone admin API in multi-region environment
1428877 - [UPDATES] ERROR: The "pre-update" hook is not defined on SoftwareDeployment "UpdateDeployment"
1431258 - Rebase openstack-heat to stable/newton hash 6533b3d

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
openstack-heat-7.0.2-4.el7ost.src.rpm

noarch:
openstack-heat-api-7.0.2-4.el7ost.noarch.rpm
openstack-heat-api-cfn-7.0.2-4.el7ost.noarch.rpm
openstack-heat-api-cloudwatch-7.0.2-4.el7ost.noarch.rpm
openstack-heat-common-7.0.2-4.el7ost.noarch.rpm
openstack-heat-engine-7.0.2-4.el7ost.noarch.rpm
python-heat-tests-7.0.2-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2621
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZHKz9XlSAg2UNWIIRArzmAJ9flM4PpDUWlQOTSWm2ZAnxvUhd6QCbBHUI
HPtae1lWdPMBctXSqEb3KeE=
=/Pcs
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon May 22 03:57:05 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 21 May 2017 23:57:05 -0400
Subject: [RHSA-2017:1262-01] Important: rpcbind security update
Message-ID: <201705220357.v4M3v5fe022900@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rpcbind security update
Advisory ID:       RHSA-2017:1262-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1262
Issue date:        2017-05-22
CVE Names:         CVE-2017-8779 
=====================================================================

1. Summary:

An update for rpcbind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The rpcbind utility is a server that converts Remote Procedure Call (RPC)
program numbers into universal addresses. It must be running on the host to
be able to make RPC calls on a server on that machine.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a
memory leak can occur when parsing specially crafted XDR messages. An
attacker sending thousands of messages to rpcbind could cause its memory
usage to grow without bound, eventually causing it to be terminated by the
OOM killer. (CVE-2017-8779)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1448124 - CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
rpcbind-0.2.0-38.el7_3.src.rpm

x86_64:
rpcbind-0.2.0-38.el7_3.x86_64.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rpcbind-0.2.0-38.el7_3.src.rpm

x86_64:
rpcbind-0.2.0-38.el7_3.x86_64.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
rpcbind-0.2.0-38.el7_3.src.rpm

aarch64:
rpcbind-0.2.0-38.el7_3.aarch64.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.aarch64.rpm

ppc64:
rpcbind-0.2.0-38.el7_3.ppc64.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.ppc64.rpm

ppc64le:
rpcbind-0.2.0-38.el7_3.ppc64le.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.ppc64le.rpm

s390x:
rpcbind-0.2.0-38.el7_3.s390x.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.s390x.rpm

x86_64:
rpcbind-0.2.0-38.el7_3.x86_64.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
rpcbind-0.2.0-38.el7_3.src.rpm

x86_64:
rpcbind-0.2.0-38.el7_3.x86_64.rpm
rpcbind-debuginfo-0.2.0-38.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8779
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZImGhXlSAg2UNWIIRAh7TAJ9tlg3/AaQtejXB4xCaWGv7O2bGXACfZQXh
/KHbCaDWXW5upkT0sOkxOUg=
=Lz5V
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Mon May 22 03:57:41 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 21 May 2017 23:57:41 -0400
Subject: [RHSA-2017:1263-01] Important: libtirpc security update
Message-ID: <201705220357.v4M3vf5O022948@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtirpc security update
Advisory ID:       RHSA-2017:1263-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1263
Issue date:        2017-05-22
CVE Names:         CVE-2017-8779 
=====================================================================

1. Summary:

An update for libtirpc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libtirpc packages contain SunLib's implementation of
transport-independent remote procedure call (TI-RPC) documentation, which
includes a library required by programs in the nfs-utils and rpcbind
packages.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a
memory leak can occur when parsing specially crafted XDR messages. An
attacker sending thousands of messages to rpcbind could cause its memory
usage to grow without bound, eventually causing it to be terminated by the
OOM killer. (CVE-2017-8779)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1448124 - CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libtirpc-0.2.4-0.8.el7_3.src.rpm

x86_64:
libtirpc-0.2.4-0.8.el7_3.i686.rpm
libtirpc-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-devel-0.2.4-0.8.el7_3.i686.rpm
libtirpc-devel-0.2.4-0.8.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libtirpc-0.2.4-0.8.el7_3.src.rpm

x86_64:
libtirpc-0.2.4-0.8.el7_3.i686.rpm
libtirpc-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-devel-0.2.4-0.8.el7_3.i686.rpm
libtirpc-devel-0.2.4-0.8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libtirpc-0.2.4-0.8.el7_3.src.rpm

aarch64:
libtirpc-0.2.4-0.8.el7_3.aarch64.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.aarch64.rpm

ppc64:
libtirpc-0.2.4-0.8.el7_3.ppc.rpm
libtirpc-0.2.4-0.8.el7_3.ppc64.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.ppc.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.ppc64.rpm

ppc64le:
libtirpc-0.2.4-0.8.el7_3.ppc64le.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.ppc64le.rpm

s390x:
libtirpc-0.2.4-0.8.el7_3.s390.rpm
libtirpc-0.2.4-0.8.el7_3.s390x.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.s390.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.s390x.rpm

x86_64:
libtirpc-0.2.4-0.8.el7_3.i686.rpm
libtirpc-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
libtirpc-debuginfo-0.2.4-0.8.el7_3.aarch64.rpm
libtirpc-devel-0.2.4-0.8.el7_3.aarch64.rpm

ppc64:
libtirpc-debuginfo-0.2.4-0.8.el7_3.ppc.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.ppc64.rpm
libtirpc-devel-0.2.4-0.8.el7_3.ppc.rpm
libtirpc-devel-0.2.4-0.8.el7_3.ppc64.rpm

ppc64le:
libtirpc-debuginfo-0.2.4-0.8.el7_3.ppc64le.rpm
libtirpc-devel-0.2.4-0.8.el7_3.ppc64le.rpm

s390x:
libtirpc-debuginfo-0.2.4-0.8.el7_3.s390.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.s390x.rpm
libtirpc-devel-0.2.4-0.8.el7_3.s390.rpm
libtirpc-devel-0.2.4-0.8.el7_3.s390x.rpm

x86_64:
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-devel-0.2.4-0.8.el7_3.i686.rpm
libtirpc-devel-0.2.4-0.8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libtirpc-0.2.4-0.8.el7_3.src.rpm

x86_64:
libtirpc-0.2.4-0.8.el7_3.i686.rpm
libtirpc-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libtirpc-debuginfo-0.2.4-0.8.el7_3.i686.rpm
libtirpc-debuginfo-0.2.4-0.8.el7_3.x86_64.rpm
libtirpc-devel-0.2.4-0.8.el7_3.i686.rpm
libtirpc-devel-0.2.4-0.8.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8779
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZImHGXlSAg2UNWIIRAiX8AJ9IHJZbg87AHh5tSxprdrgCOWpSYACgs7Uk
20CJpxu10LU3dn4JOf4/Hh8=
=Pxq5
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Mon May 22 10:25:49 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 May 2017 10:25:49 +0000
Subject: [RHSA-2017:1264-01] Important: kdelibs security update
Message-ID: <201705221025.v4MAPviK005791@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kdelibs security update
Advisory ID:       RHSA-2017:1264-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1264
Issue date:        2017-05-22
CVE Names:         CVE-2017-8422 
=====================================================================

1. Summary:

An update for kdelibs is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The K Desktop Environment (KDE) is a graphical desktop environment for the
X Window System. The kdelibs packages include core libraries for the K
Desktop Environment.

Security Fix(es):

* A privilege escalation flaw was found in the way kdelibs handled D-Bus
messages. A local user could potentially use this flaw to gain root
privileges by spoofing a callerID and leveraging a privileged helper
application. (CVE-2017-8422)

Red Hat would like to thank Sebastian Krahmer (SUSE) for reporting this
issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update
to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1449647 - CVE-2017-8422 kauth: service invoking dbus is not properly checked and allows local privilege escalation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kdelibs-4.14.8-6.el7_3.src.rpm

x86_64:
kdelibs-4.14.8-6.el7_3.i686.rpm
kdelibs-4.14.8-6.el7_3.x86_64.rpm
kdelibs-common-4.14.8-6.el7_3.x86_64.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.i686.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.x86_64.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.i686.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
kdelibs-apidocs-4.14.8-6.el7_3.noarch.rpm

x86_64:
kdelibs-debuginfo-4.14.8-6.el7_3.i686.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.x86_64.rpm
kdelibs-devel-4.14.8-6.el7_3.i686.rpm
kdelibs-devel-4.14.8-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kdelibs-4.14.8-6.el7_3.src.rpm

x86_64:
kdelibs-4.14.8-6.el7_3.i686.rpm
kdelibs-4.14.8-6.el7_3.x86_64.rpm
kdelibs-common-4.14.8-6.el7_3.x86_64.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.i686.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.x86_64.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.i686.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
kdelibs-apidocs-4.14.8-6.el7_3.noarch.rpm

x86_64:
kdelibs-debuginfo-4.14.8-6.el7_3.i686.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.x86_64.rpm
kdelibs-devel-4.14.8-6.el7_3.i686.rpm
kdelibs-devel-4.14.8-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kdelibs-4.14.8-6.el7_3.src.rpm

aarch64:
kdelibs-4.14.8-6.el7_3.aarch64.rpm
kdelibs-common-4.14.8-6.el7_3.aarch64.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.aarch64.rpm
kdelibs-devel-4.14.8-6.el7_3.aarch64.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.aarch64.rpm

ppc64le:
kdelibs-4.14.8-6.el7_3.ppc64le.rpm
kdelibs-common-4.14.8-6.el7_3.ppc64le.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.ppc64le.rpm
kdelibs-devel-4.14.8-6.el7_3.ppc64le.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.ppc64le.rpm

x86_64:
kdelibs-4.14.8-6.el7_3.i686.rpm
kdelibs-4.14.8-6.el7_3.x86_64.rpm
kdelibs-common-4.14.8-6.el7_3.x86_64.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.i686.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.x86_64.rpm
kdelibs-devel-4.14.8-6.el7_3.i686.rpm
kdelibs-devel-4.14.8-6.el7_3.x86_64.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.i686.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
kdelibs-4.14.8-6.el7_3.src.rpm

noarch:
kdelibs-apidocs-4.14.8-6.el7_3.noarch.rpm

ppc64:
kdelibs-4.14.8-6.el7_3.ppc.rpm
kdelibs-4.14.8-6.el7_3.ppc64.rpm
kdelibs-common-4.14.8-6.el7_3.ppc64.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.ppc.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.ppc64.rpm
kdelibs-devel-4.14.8-6.el7_3.ppc.rpm
kdelibs-devel-4.14.8-6.el7_3.ppc64.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.ppc.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.ppc64.rpm

s390x:
kdelibs-4.14.8-6.el7_3.s390.rpm
kdelibs-4.14.8-6.el7_3.s390x.rpm
kdelibs-common-4.14.8-6.el7_3.s390x.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.s390.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.s390x.rpm
kdelibs-devel-4.14.8-6.el7_3.s390.rpm
kdelibs-devel-4.14.8-6.el7_3.s390x.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.s390.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kdelibs-4.14.8-6.el7_3.src.rpm

x86_64:
kdelibs-4.14.8-6.el7_3.i686.rpm
kdelibs-4.14.8-6.el7_3.x86_64.rpm
kdelibs-common-4.14.8-6.el7_3.x86_64.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.i686.rpm
kdelibs-debuginfo-4.14.8-6.el7_3.x86_64.rpm
kdelibs-devel-4.14.8-6.el7_3.i686.rpm
kdelibs-devel-4.14.8-6.el7_3.x86_64.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.i686.rpm
kdelibs-ktexteditor-4.14.8-6.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
kdelibs-apidocs-4.14.8-6.el7_3.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8422
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZIryyXlSAg2UNWIIRAut+AKCL6Q41BgxjibClfIq2Qwsu4M9CzQCfSd+5
f9o61xNcufb5ePgoksmuU6o=
=4XX+
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon May 22 10:29:00 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 May 2017 10:29:00 +0000
Subject: [RHSA-2017:1265-01] Moderate: samba security and bug fix update
Message-ID: <201705221029.v4MAT6Fv006762@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba security and bug fix update
Advisory ID:       RHSA-2017:1265-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1265
Issue date:        2017-05-22
CVE Names:         CVE-2016-2125 CVE-2016-2126 CVE-2017-2619 
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* It was found that Samba always requested forwardable tickets when using
Kerberos authentication. A service to which Samba authenticated using
Kerberos could subsequently use the ticket to impersonate Samba to other
services or domain users. (CVE-2016-2125)

* A flaw was found in the way Samba handled PAC (Privilege Attribute
Certificate) checksums. A remote, authenticated attacker could use this
flaw to crash the winbindd process. (CVE-2016-2126)

* A race condition was found in samba server. A malicious samba client
could use this flaw to access files and directories, in areas of the server
file system not exported under the share definitions. (CVE-2017-2619)

Red Hat would like to thank the Samba project for reporting CVE-2017-2619.
Upstream acknowledges Jann Horn (Google) as the original reporter of
CVE-2017-2619.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1403114 - CVE-2016-2125 samba: Unconditional privilege delegation to Kerberos servers in trusted realms
1403115 - CVE-2016-2126 samba: Flaws in Kerberos PAC validation can trigger privilege elevation
1429472 - CVE-2017-2619 samba: symlink race permits opening files outside share directory

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
samba-4.4.4-13.el7_3.src.rpm

noarch:
samba-common-4.4.4-13.el7_3.noarch.rpm

x86_64:
libsmbclient-4.4.4-13.el7_3.i686.rpm
libsmbclient-4.4.4-13.el7_3.x86_64.rpm
libwbclient-4.4.4-13.el7_3.i686.rpm
libwbclient-4.4.4-13.el7_3.x86_64.rpm
samba-client-4.4.4-13.el7_3.x86_64.rpm
samba-client-libs-4.4.4-13.el7_3.i686.rpm
samba-client-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-tools-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-13.el7_3.x86_64.rpm
samba-libs-4.4.4-13.el7_3.i686.rpm
samba-libs-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-13.el7_3.i686.rpm
samba-winbind-modules-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
samba-pidl-4.4.4-13.el7_3.noarch.rpm

x86_64:
libsmbclient-devel-4.4.4-13.el7_3.i686.rpm
libsmbclient-devel-4.4.4-13.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-13.el7_3.i686.rpm
libwbclient-devel-4.4.4-13.el7_3.x86_64.rpm
samba-4.4.4-13.el7_3.x86_64.rpm
samba-dc-4.4.4-13.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-devel-4.4.4-13.el7_3.i686.rpm
samba-devel-4.4.4-13.el7_3.x86_64.rpm
samba-python-4.4.4-13.el7_3.x86_64.rpm
samba-test-4.4.4-13.el7_3.x86_64.rpm
samba-test-libs-4.4.4-13.el7_3.i686.rpm
samba-test-libs-4.4.4-13.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
samba-4.4.4-13.el7_3.src.rpm

noarch:
samba-common-4.4.4-13.el7_3.noarch.rpm

x86_64:
libsmbclient-4.4.4-13.el7_3.i686.rpm
libsmbclient-4.4.4-13.el7_3.x86_64.rpm
libwbclient-4.4.4-13.el7_3.i686.rpm
libwbclient-4.4.4-13.el7_3.x86_64.rpm
samba-client-4.4.4-13.el7_3.x86_64.rpm
samba-client-libs-4.4.4-13.el7_3.i686.rpm
samba-client-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-tools-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-libs-4.4.4-13.el7_3.i686.rpm
samba-libs-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-13.el7_3.i686.rpm
samba-winbind-modules-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
samba-pidl-4.4.4-13.el7_3.noarch.rpm

x86_64:
libsmbclient-devel-4.4.4-13.el7_3.i686.rpm
libsmbclient-devel-4.4.4-13.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-13.el7_3.i686.rpm
libwbclient-devel-4.4.4-13.el7_3.x86_64.rpm
samba-4.4.4-13.el7_3.x86_64.rpm
samba-dc-4.4.4-13.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-devel-4.4.4-13.el7_3.i686.rpm
samba-devel-4.4.4-13.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-13.el7_3.x86_64.rpm
samba-python-4.4.4-13.el7_3.x86_64.rpm
samba-test-4.4.4-13.el7_3.x86_64.rpm
samba-test-libs-4.4.4-13.el7_3.i686.rpm
samba-test-libs-4.4.4-13.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
samba-4.4.4-13.el7_3.src.rpm

aarch64:
libsmbclient-4.4.4-13.el7_3.aarch64.rpm
libwbclient-4.4.4-13.el7_3.aarch64.rpm
samba-4.4.4-13.el7_3.aarch64.rpm
samba-client-4.4.4-13.el7_3.aarch64.rpm
samba-client-libs-4.4.4-13.el7_3.aarch64.rpm
samba-common-libs-4.4.4-13.el7_3.aarch64.rpm
samba-common-tools-4.4.4-13.el7_3.aarch64.rpm
samba-debuginfo-4.4.4-13.el7_3.aarch64.rpm
samba-krb5-printing-4.4.4-13.el7_3.aarch64.rpm
samba-libs-4.4.4-13.el7_3.aarch64.rpm
samba-python-4.4.4-13.el7_3.aarch64.rpm
samba-winbind-4.4.4-13.el7_3.aarch64.rpm
samba-winbind-clients-4.4.4-13.el7_3.aarch64.rpm
samba-winbind-modules-4.4.4-13.el7_3.aarch64.rpm

noarch:
samba-common-4.4.4-13.el7_3.noarch.rpm

ppc64:
libsmbclient-4.4.4-13.el7_3.ppc.rpm
libsmbclient-4.4.4-13.el7_3.ppc64.rpm
libwbclient-4.4.4-13.el7_3.ppc.rpm
libwbclient-4.4.4-13.el7_3.ppc64.rpm
samba-4.4.4-13.el7_3.ppc64.rpm
samba-client-4.4.4-13.el7_3.ppc64.rpm
samba-client-libs-4.4.4-13.el7_3.ppc.rpm
samba-client-libs-4.4.4-13.el7_3.ppc64.rpm
samba-common-libs-4.4.4-13.el7_3.ppc64.rpm
samba-common-tools-4.4.4-13.el7_3.ppc64.rpm
samba-debuginfo-4.4.4-13.el7_3.ppc.rpm
samba-debuginfo-4.4.4-13.el7_3.ppc64.rpm
samba-krb5-printing-4.4.4-13.el7_3.ppc64.rpm
samba-libs-4.4.4-13.el7_3.ppc.rpm
samba-libs-4.4.4-13.el7_3.ppc64.rpm
samba-winbind-4.4.4-13.el7_3.ppc64.rpm
samba-winbind-clients-4.4.4-13.el7_3.ppc64.rpm
samba-winbind-modules-4.4.4-13.el7_3.ppc.rpm
samba-winbind-modules-4.4.4-13.el7_3.ppc64.rpm

ppc64le:
libsmbclient-4.4.4-13.el7_3.ppc64le.rpm
libwbclient-4.4.4-13.el7_3.ppc64le.rpm
samba-4.4.4-13.el7_3.ppc64le.rpm
samba-client-4.4.4-13.el7_3.ppc64le.rpm
samba-client-libs-4.4.4-13.el7_3.ppc64le.rpm
samba-common-libs-4.4.4-13.el7_3.ppc64le.rpm
samba-common-tools-4.4.4-13.el7_3.ppc64le.rpm
samba-debuginfo-4.4.4-13.el7_3.ppc64le.rpm
samba-krb5-printing-4.4.4-13.el7_3.ppc64le.rpm
samba-libs-4.4.4-13.el7_3.ppc64le.rpm
samba-winbind-4.4.4-13.el7_3.ppc64le.rpm
samba-winbind-clients-4.4.4-13.el7_3.ppc64le.rpm
samba-winbind-modules-4.4.4-13.el7_3.ppc64le.rpm

s390x:
libsmbclient-4.4.4-13.el7_3.s390.rpm
libsmbclient-4.4.4-13.el7_3.s390x.rpm
libwbclient-4.4.4-13.el7_3.s390.rpm
libwbclient-4.4.4-13.el7_3.s390x.rpm
samba-4.4.4-13.el7_3.s390x.rpm
samba-client-4.4.4-13.el7_3.s390x.rpm
samba-client-libs-4.4.4-13.el7_3.s390.rpm
samba-client-libs-4.4.4-13.el7_3.s390x.rpm
samba-common-libs-4.4.4-13.el7_3.s390x.rpm
samba-common-tools-4.4.4-13.el7_3.s390x.rpm
samba-debuginfo-4.4.4-13.el7_3.s390.rpm
samba-debuginfo-4.4.4-13.el7_3.s390x.rpm
samba-krb5-printing-4.4.4-13.el7_3.s390x.rpm
samba-libs-4.4.4-13.el7_3.s390.rpm
samba-libs-4.4.4-13.el7_3.s390x.rpm
samba-winbind-4.4.4-13.el7_3.s390x.rpm
samba-winbind-clients-4.4.4-13.el7_3.s390x.rpm
samba-winbind-modules-4.4.4-13.el7_3.s390.rpm
samba-winbind-modules-4.4.4-13.el7_3.s390x.rpm

x86_64:
libsmbclient-4.4.4-13.el7_3.i686.rpm
libsmbclient-4.4.4-13.el7_3.x86_64.rpm
libwbclient-4.4.4-13.el7_3.i686.rpm
libwbclient-4.4.4-13.el7_3.x86_64.rpm
samba-4.4.4-13.el7_3.x86_64.rpm
samba-client-4.4.4-13.el7_3.x86_64.rpm
samba-client-libs-4.4.4-13.el7_3.i686.rpm
samba-client-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-tools-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-13.el7_3.x86_64.rpm
samba-libs-4.4.4-13.el7_3.i686.rpm
samba-libs-4.4.4-13.el7_3.x86_64.rpm
samba-python-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-13.el7_3.i686.rpm
samba-winbind-modules-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

x86_64:
ctdb-4.4.4-13.el7_3.x86_64.rpm
ctdb-tests-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
libsmbclient-devel-4.4.4-13.el7_3.aarch64.rpm
libwbclient-devel-4.4.4-13.el7_3.aarch64.rpm
samba-dc-4.4.4-13.el7_3.aarch64.rpm
samba-dc-libs-4.4.4-13.el7_3.aarch64.rpm
samba-debuginfo-4.4.4-13.el7_3.aarch64.rpm
samba-devel-4.4.4-13.el7_3.aarch64.rpm
samba-test-4.4.4-13.el7_3.aarch64.rpm
samba-test-libs-4.4.4-13.el7_3.aarch64.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.aarch64.rpm

noarch:
samba-pidl-4.4.4-13.el7_3.noarch.rpm

ppc64:
libsmbclient-devel-4.4.4-13.el7_3.ppc.rpm
libsmbclient-devel-4.4.4-13.el7_3.ppc64.rpm
libwbclient-devel-4.4.4-13.el7_3.ppc.rpm
libwbclient-devel-4.4.4-13.el7_3.ppc64.rpm
samba-dc-4.4.4-13.el7_3.ppc64.rpm
samba-dc-libs-4.4.4-13.el7_3.ppc64.rpm
samba-debuginfo-4.4.4-13.el7_3.ppc.rpm
samba-debuginfo-4.4.4-13.el7_3.ppc64.rpm
samba-devel-4.4.4-13.el7_3.ppc.rpm
samba-devel-4.4.4-13.el7_3.ppc64.rpm
samba-python-4.4.4-13.el7_3.ppc64.rpm
samba-test-4.4.4-13.el7_3.ppc64.rpm
samba-test-libs-4.4.4-13.el7_3.ppc.rpm
samba-test-libs-4.4.4-13.el7_3.ppc64.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.ppc64.rpm

ppc64le:
libsmbclient-devel-4.4.4-13.el7_3.ppc64le.rpm
libwbclient-devel-4.4.4-13.el7_3.ppc64le.rpm
samba-dc-4.4.4-13.el7_3.ppc64le.rpm
samba-dc-libs-4.4.4-13.el7_3.ppc64le.rpm
samba-debuginfo-4.4.4-13.el7_3.ppc64le.rpm
samba-devel-4.4.4-13.el7_3.ppc64le.rpm
samba-python-4.4.4-13.el7_3.ppc64le.rpm
samba-test-4.4.4-13.el7_3.ppc64le.rpm
samba-test-libs-4.4.4-13.el7_3.ppc64le.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.ppc64le.rpm

s390x:
libsmbclient-devel-4.4.4-13.el7_3.s390.rpm
libsmbclient-devel-4.4.4-13.el7_3.s390x.rpm
libwbclient-devel-4.4.4-13.el7_3.s390.rpm
libwbclient-devel-4.4.4-13.el7_3.s390x.rpm
samba-dc-4.4.4-13.el7_3.s390x.rpm
samba-dc-libs-4.4.4-13.el7_3.s390x.rpm
samba-debuginfo-4.4.4-13.el7_3.s390.rpm
samba-debuginfo-4.4.4-13.el7_3.s390x.rpm
samba-devel-4.4.4-13.el7_3.s390.rpm
samba-devel-4.4.4-13.el7_3.s390x.rpm
samba-python-4.4.4-13.el7_3.s390x.rpm
samba-test-4.4.4-13.el7_3.s390x.rpm
samba-test-libs-4.4.4-13.el7_3.s390.rpm
samba-test-libs-4.4.4-13.el7_3.s390x.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.s390x.rpm

x86_64:
libsmbclient-devel-4.4.4-13.el7_3.i686.rpm
libsmbclient-devel-4.4.4-13.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-13.el7_3.i686.rpm
libwbclient-devel-4.4.4-13.el7_3.x86_64.rpm
samba-dc-4.4.4-13.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-devel-4.4.4-13.el7_3.i686.rpm
samba-devel-4.4.4-13.el7_3.x86_64.rpm
samba-test-4.4.4-13.el7_3.x86_64.rpm
samba-test-libs-4.4.4-13.el7_3.i686.rpm
samba-test-libs-4.4.4-13.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
samba-4.4.4-13.el7_3.src.rpm

noarch:
samba-common-4.4.4-13.el7_3.noarch.rpm

x86_64:
libsmbclient-4.4.4-13.el7_3.i686.rpm
libsmbclient-4.4.4-13.el7_3.x86_64.rpm
libwbclient-4.4.4-13.el7_3.i686.rpm
libwbclient-4.4.4-13.el7_3.x86_64.rpm
samba-4.4.4-13.el7_3.x86_64.rpm
samba-client-4.4.4-13.el7_3.x86_64.rpm
samba-client-libs-4.4.4-13.el7_3.i686.rpm
samba-client-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-libs-4.4.4-13.el7_3.x86_64.rpm
samba-common-tools-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-13.el7_3.x86_64.rpm
samba-libs-4.4.4-13.el7_3.i686.rpm
samba-libs-4.4.4-13.el7_3.x86_64.rpm
samba-python-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-13.el7_3.i686.rpm
samba-winbind-modules-4.4.4-13.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
samba-pidl-4.4.4-13.el7_3.noarch.rpm

x86_64:
libsmbclient-devel-4.4.4-13.el7_3.i686.rpm
libsmbclient-devel-4.4.4-13.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-13.el7_3.i686.rpm
libwbclient-devel-4.4.4-13.el7_3.x86_64.rpm
samba-dc-4.4.4-13.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-13.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-13.el7_3.i686.rpm
samba-debuginfo-4.4.4-13.el7_3.x86_64.rpm
samba-devel-4.4.4-13.el7_3.i686.rpm
samba-devel-4.4.4-13.el7_3.x86_64.rpm
samba-test-4.4.4-13.el7_3.x86_64.rpm
samba-test-libs-4.4.4-13.el7_3.i686.rpm
samba-test-libs-4.4.4-13.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-13.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-13.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2125
https://access.redhat.com/security/cve/CVE-2016-2126
https://access.redhat.com/security/cve/CVE-2017-2619
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZIr16XlSAg2UNWIIRApIoAKCIsiKcWKiCSBb+9mMJLMARG86ebwCgqObr
Yn3444NvqQr9tn1E2HtQwjE=
=mb+I
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue May 23 13:18:01 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 May 2017 09:18:01 -0400
Subject: [RHSA-2017:1267-01] Important: rpcbind security update
Message-ID: <201705231318.v4NDI1qT019696@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rpcbind security update
Advisory ID:       RHSA-2017:1267-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1267
Issue date:        2017-05-23
CVE Names:         CVE-2017-8779 
=====================================================================

1. Summary:

An update for rpcbind is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The rpcbind utility is a server that converts Remote Procedure Call (RPC)
program numbers into universal addresses. It must be running on the host to
be able to make RPC calls on a server on that machine.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a
memory leak can occur when parsing specially crafted XDR messages. An
attacker sending thousands of messages to rpcbind could cause its memory
usage to grow without bound, eventually causing it to be terminated by the
OOM killer. (CVE-2017-8779)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1448124 - CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
rpcbind-0.2.0-13.el6_9.src.rpm

i386:
rpcbind-0.2.0-13.el6_9.i686.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm

x86_64:
rpcbind-0.2.0-13.el6_9.x86_64.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
rpcbind-0.2.0-13.el6_9.src.rpm

x86_64:
rpcbind-0.2.0-13.el6_9.x86_64.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
rpcbind-0.2.0-13.el6_9.src.rpm

i386:
rpcbind-0.2.0-13.el6_9.i686.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm

ppc64:
rpcbind-0.2.0-13.el6_9.ppc64.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.ppc64.rpm

s390x:
rpcbind-0.2.0-13.el6_9.s390x.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.s390x.rpm

x86_64:
rpcbind-0.2.0-13.el6_9.x86_64.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
rpcbind-0.2.0-13.el6_9.src.rpm

i386:
rpcbind-0.2.0-13.el6_9.i686.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm

x86_64:
rpcbind-0.2.0-13.el6_9.x86_64.rpm
rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8779
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJDaaXlSAg2UNWIIRAtmIAJ9YnpnT252HvqlJC7rWZKDVQYzjswCgwgVs
u8uZenXYjXJ2txFOCmwBmGw=
=nJZJ
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May 23 13:18:26 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 May 2017 09:18:26 -0400
Subject: [RHSA-2017:1268-01] Important: libtirpc security update
Message-ID: <201705231318.v4NDIQDC019727@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtirpc security update
Advisory ID:       RHSA-2017:1268-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1268
Issue date:        2017-05-23
CVE Names:         CVE-2017-8779 
=====================================================================

1. Summary:

An update for libtirpc is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libtirpc packages contain SunLib's implementation of
transport-independent remote procedure call (TI-RPC) documentation, which
includes a library required by programs in the nfs-utils and rpcbind
packages.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a
memory leak can occur when parsing specially crafted XDR messages. An
attacker sending thousands of messages to rpcbind could cause its memory
usage to grow without bound, eventually causing it to be terminated by the
OOM killer. (CVE-2017-8779)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1448124 - CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libtirpc-0.2.1-13.el6_9.src.rpm

i386:
libtirpc-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm

x86_64:
libtirpc-0.2.1-13.el6_9.i686.rpm
libtirpc-0.2.1-13.el6_9.x86_64.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-devel-0.2.1-13.el6_9.i686.rpm

x86_64:
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm
libtirpc-devel-0.2.1-13.el6_9.i686.rpm
libtirpc-devel-0.2.1-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libtirpc-0.2.1-13.el6_9.src.rpm

x86_64:
libtirpc-0.2.1-13.el6_9.i686.rpm
libtirpc-0.2.1-13.el6_9.x86_64.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm
libtirpc-devel-0.2.1-13.el6_9.i686.rpm
libtirpc-devel-0.2.1-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libtirpc-0.2.1-13.el6_9.src.rpm

i386:
libtirpc-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm

ppc64:
libtirpc-0.2.1-13.el6_9.ppc.rpm
libtirpc-0.2.1-13.el6_9.ppc64.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.ppc.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.ppc64.rpm

s390x:
libtirpc-0.2.1-13.el6_9.s390.rpm
libtirpc-0.2.1-13.el6_9.s390x.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.s390.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.s390x.rpm

x86_64:
libtirpc-0.2.1-13.el6_9.i686.rpm
libtirpc-0.2.1-13.el6_9.x86_64.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-devel-0.2.1-13.el6_9.i686.rpm

ppc64:
libtirpc-debuginfo-0.2.1-13.el6_9.ppc.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.ppc64.rpm
libtirpc-devel-0.2.1-13.el6_9.ppc.rpm
libtirpc-devel-0.2.1-13.el6_9.ppc64.rpm

s390x:
libtirpc-debuginfo-0.2.1-13.el6_9.s390.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.s390x.rpm
libtirpc-devel-0.2.1-13.el6_9.s390.rpm
libtirpc-devel-0.2.1-13.el6_9.s390x.rpm

x86_64:
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm
libtirpc-devel-0.2.1-13.el6_9.i686.rpm
libtirpc-devel-0.2.1-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libtirpc-0.2.1-13.el6_9.src.rpm

i386:
libtirpc-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm

x86_64:
libtirpc-0.2.1-13.el6_9.i686.rpm
libtirpc-0.2.1-13.el6_9.x86_64.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-devel-0.2.1-13.el6_9.i686.rpm

x86_64:
libtirpc-debuginfo-0.2.1-13.el6_9.i686.rpm
libtirpc-debuginfo-0.2.1-13.el6_9.x86_64.rpm
libtirpc-devel-0.2.1-13.el6_9.i686.rpm
libtirpc-devel-0.2.1-13.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8779
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJDa1XlSAg2UNWIIRAstpAKCpms0OYxGMRJzVnniGRn3caj2k/ACfbObZ
4h2vjx8LZ6ISVQEpc7aP4D0=
=7rhI
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Wed May 24 12:20:47 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 24 May 2017 12:20:47 +0000
Subject: [RHSA-2017:1270-01] Important: samba security update
Message-ID: <201705241221.v4OCL0NP032752@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba security update
Advisory ID:       RHSA-2017:1270-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1270
Issue date:        2017-05-24
CVE Names:         CVE-2017-7494 
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 6 and Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious
authenticated samba client, having write access to the samba share, could
use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges steelo as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1450347 - CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba-3.6.23-43.el6_9.src.rpm

i386:
libsmbclient-3.6.23-43.el6_9.i686.rpm
samba-client-3.6.23-43.el6_9.i686.rpm
samba-common-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-winbind-3.6.23-43.el6_9.i686.rpm
samba-winbind-clients-3.6.23-43.el6_9.i686.rpm

x86_64:
libsmbclient-3.6.23-43.el6_9.i686.rpm
libsmbclient-3.6.23-43.el6_9.x86_64.rpm
samba-client-3.6.23-43.el6_9.x86_64.rpm
samba-common-3.6.23-43.el6_9.i686.rpm
samba-common-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-clients-3.6.23-43.el6_9.i686.rpm
samba-winbind-clients-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-43.el6_9.i686.rpm
samba-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-doc-3.6.23-43.el6_9.i686.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.i686.rpm
samba-swat-3.6.23-43.el6_9.i686.rpm
samba-winbind-devel-3.6.23-43.el6_9.i686.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.i686.rpm

x86_64:
libsmbclient-devel-3.6.23-43.el6_9.i686.rpm
libsmbclient-devel-3.6.23-43.el6_9.x86_64.rpm
samba-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-doc-3.6.23-43.el6_9.x86_64.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.x86_64.rpm
samba-glusterfs-3.6.23-43.el6_9.x86_64.rpm
samba-swat-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-devel-3.6.23-43.el6_9.i686.rpm
samba-winbind-devel-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
samba-3.6.23-43.el6_9.src.rpm

x86_64:
samba-client-3.6.23-43.el6_9.x86_64.rpm
samba-common-3.6.23-43.el6_9.i686.rpm
samba-common-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-clients-3.6.23-43.el6_9.i686.rpm
samba-winbind-clients-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libsmbclient-3.6.23-43.el6_9.i686.rpm
libsmbclient-3.6.23-43.el6_9.x86_64.rpm
libsmbclient-devel-3.6.23-43.el6_9.i686.rpm
libsmbclient-devel-3.6.23-43.el6_9.x86_64.rpm
samba-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-doc-3.6.23-43.el6_9.x86_64.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.x86_64.rpm
samba-glusterfs-3.6.23-43.el6_9.x86_64.rpm
samba-swat-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-devel-3.6.23-43.el6_9.i686.rpm
samba-winbind-devel-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
samba-3.6.23-43.el6_9.src.rpm

i386:
libsmbclient-3.6.23-43.el6_9.i686.rpm
samba-3.6.23-43.el6_9.i686.rpm
samba-client-3.6.23-43.el6_9.i686.rpm
samba-common-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-winbind-3.6.23-43.el6_9.i686.rpm
samba-winbind-clients-3.6.23-43.el6_9.i686.rpm

ppc64:
libsmbclient-3.6.23-43.el6_9.ppc.rpm
libsmbclient-3.6.23-43.el6_9.ppc64.rpm
samba-3.6.23-43.el6_9.ppc64.rpm
samba-client-3.6.23-43.el6_9.ppc64.rpm
samba-common-3.6.23-43.el6_9.ppc.rpm
samba-common-3.6.23-43.el6_9.ppc64.rpm
samba-debuginfo-3.6.23-43.el6_9.ppc.rpm
samba-debuginfo-3.6.23-43.el6_9.ppc64.rpm
samba-winbind-3.6.23-43.el6_9.ppc64.rpm
samba-winbind-clients-3.6.23-43.el6_9.ppc.rpm
samba-winbind-clients-3.6.23-43.el6_9.ppc64.rpm

s390x:
libsmbclient-3.6.23-43.el6_9.s390.rpm
libsmbclient-3.6.23-43.el6_9.s390x.rpm
samba-3.6.23-43.el6_9.s390x.rpm
samba-client-3.6.23-43.el6_9.s390x.rpm
samba-common-3.6.23-43.el6_9.s390.rpm
samba-common-3.6.23-43.el6_9.s390x.rpm
samba-debuginfo-3.6.23-43.el6_9.s390.rpm
samba-debuginfo-3.6.23-43.el6_9.s390x.rpm
samba-winbind-3.6.23-43.el6_9.s390x.rpm
samba-winbind-clients-3.6.23-43.el6_9.s390.rpm
samba-winbind-clients-3.6.23-43.el6_9.s390x.rpm

x86_64:
libsmbclient-3.6.23-43.el6_9.i686.rpm
libsmbclient-3.6.23-43.el6_9.x86_64.rpm
samba-3.6.23-43.el6_9.x86_64.rpm
samba-client-3.6.23-43.el6_9.x86_64.rpm
samba-common-3.6.23-43.el6_9.i686.rpm
samba-common-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-clients-3.6.23-43.el6_9.i686.rpm
samba-winbind-clients-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-doc-3.6.23-43.el6_9.i686.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.i686.rpm
samba-swat-3.6.23-43.el6_9.i686.rpm
samba-winbind-devel-3.6.23-43.el6_9.i686.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.i686.rpm

ppc64:
libsmbclient-devel-3.6.23-43.el6_9.ppc.rpm
libsmbclient-devel-3.6.23-43.el6_9.ppc64.rpm
samba-debuginfo-3.6.23-43.el6_9.ppc.rpm
samba-debuginfo-3.6.23-43.el6_9.ppc64.rpm
samba-doc-3.6.23-43.el6_9.ppc64.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.ppc64.rpm
samba-swat-3.6.23-43.el6_9.ppc64.rpm
samba-winbind-devel-3.6.23-43.el6_9.ppc.rpm
samba-winbind-devel-3.6.23-43.el6_9.ppc64.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.ppc64.rpm

s390x:
libsmbclient-devel-3.6.23-43.el6_9.s390.rpm
libsmbclient-devel-3.6.23-43.el6_9.s390x.rpm
samba-debuginfo-3.6.23-43.el6_9.s390.rpm
samba-debuginfo-3.6.23-43.el6_9.s390x.rpm
samba-doc-3.6.23-43.el6_9.s390x.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.s390x.rpm
samba-swat-3.6.23-43.el6_9.s390x.rpm
samba-winbind-devel-3.6.23-43.el6_9.s390.rpm
samba-winbind-devel-3.6.23-43.el6_9.s390x.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.s390x.rpm

x86_64:
libsmbclient-devel-3.6.23-43.el6_9.i686.rpm
libsmbclient-devel-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-doc-3.6.23-43.el6_9.x86_64.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.x86_64.rpm
samba-glusterfs-3.6.23-43.el6_9.x86_64.rpm
samba-swat-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-devel-3.6.23-43.el6_9.i686.rpm
samba-winbind-devel-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
samba-3.6.23-43.el6_9.src.rpm

i386:
libsmbclient-3.6.23-43.el6_9.i686.rpm
samba-3.6.23-43.el6_9.i686.rpm
samba-client-3.6.23-43.el6_9.i686.rpm
samba-common-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-winbind-3.6.23-43.el6_9.i686.rpm
samba-winbind-clients-3.6.23-43.el6_9.i686.rpm

x86_64:
libsmbclient-3.6.23-43.el6_9.i686.rpm
libsmbclient-3.6.23-43.el6_9.x86_64.rpm
samba-3.6.23-43.el6_9.x86_64.rpm
samba-client-3.6.23-43.el6_9.x86_64.rpm
samba-common-3.6.23-43.el6_9.i686.rpm
samba-common-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-clients-3.6.23-43.el6_9.i686.rpm
samba-winbind-clients-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libsmbclient-devel-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-doc-3.6.23-43.el6_9.i686.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.i686.rpm
samba-swat-3.6.23-43.el6_9.i686.rpm
samba-winbind-devel-3.6.23-43.el6_9.i686.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.i686.rpm

x86_64:
libsmbclient-devel-3.6.23-43.el6_9.i686.rpm
libsmbclient-devel-3.6.23-43.el6_9.x86_64.rpm
samba-debuginfo-3.6.23-43.el6_9.i686.rpm
samba-debuginfo-3.6.23-43.el6_9.x86_64.rpm
samba-doc-3.6.23-43.el6_9.x86_64.rpm
samba-domainjoin-gui-3.6.23-43.el6_9.x86_64.rpm
samba-glusterfs-3.6.23-43.el6_9.x86_64.rpm
samba-swat-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-devel-3.6.23-43.el6_9.i686.rpm
samba-winbind-devel-3.6.23-43.el6_9.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-43.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
samba-4.4.4-14.el7_3.src.rpm

noarch:
samba-common-4.4.4-14.el7_3.noarch.rpm

x86_64:
libsmbclient-4.4.4-14.el7_3.i686.rpm
libsmbclient-4.4.4-14.el7_3.x86_64.rpm
libwbclient-4.4.4-14.el7_3.i686.rpm
libwbclient-4.4.4-14.el7_3.x86_64.rpm
samba-client-4.4.4-14.el7_3.x86_64.rpm
samba-client-libs-4.4.4-14.el7_3.i686.rpm
samba-client-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-tools-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-14.el7_3.x86_64.rpm
samba-libs-4.4.4-14.el7_3.i686.rpm
samba-libs-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-14.el7_3.i686.rpm
samba-winbind-modules-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
samba-pidl-4.4.4-14.el7_3.noarch.rpm

x86_64:
libsmbclient-devel-4.4.4-14.el7_3.i686.rpm
libsmbclient-devel-4.4.4-14.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-14.el7_3.i686.rpm
libwbclient-devel-4.4.4-14.el7_3.x86_64.rpm
samba-4.4.4-14.el7_3.x86_64.rpm
samba-dc-4.4.4-14.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-devel-4.4.4-14.el7_3.i686.rpm
samba-devel-4.4.4-14.el7_3.x86_64.rpm
samba-python-4.4.4-14.el7_3.x86_64.rpm
samba-test-4.4.4-14.el7_3.x86_64.rpm
samba-test-libs-4.4.4-14.el7_3.i686.rpm
samba-test-libs-4.4.4-14.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
samba-4.4.4-14.el7_3.src.rpm

noarch:
samba-common-4.4.4-14.el7_3.noarch.rpm

x86_64:
libsmbclient-4.4.4-14.el7_3.i686.rpm
libsmbclient-4.4.4-14.el7_3.x86_64.rpm
libwbclient-4.4.4-14.el7_3.i686.rpm
libwbclient-4.4.4-14.el7_3.x86_64.rpm
samba-client-4.4.4-14.el7_3.x86_64.rpm
samba-client-libs-4.4.4-14.el7_3.i686.rpm
samba-client-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-tools-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-libs-4.4.4-14.el7_3.i686.rpm
samba-libs-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-14.el7_3.i686.rpm
samba-winbind-modules-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
samba-pidl-4.4.4-14.el7_3.noarch.rpm

x86_64:
libsmbclient-devel-4.4.4-14.el7_3.i686.rpm
libsmbclient-devel-4.4.4-14.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-14.el7_3.i686.rpm
libwbclient-devel-4.4.4-14.el7_3.x86_64.rpm
samba-4.4.4-14.el7_3.x86_64.rpm
samba-dc-4.4.4-14.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-devel-4.4.4-14.el7_3.i686.rpm
samba-devel-4.4.4-14.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-14.el7_3.x86_64.rpm
samba-python-4.4.4-14.el7_3.x86_64.rpm
samba-test-4.4.4-14.el7_3.x86_64.rpm
samba-test-libs-4.4.4-14.el7_3.i686.rpm
samba-test-libs-4.4.4-14.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
samba-4.4.4-14.el7_3.src.rpm

aarch64:
libsmbclient-4.4.4-14.el7_3.aarch64.rpm
libwbclient-4.4.4-14.el7_3.aarch64.rpm
samba-4.4.4-14.el7_3.aarch64.rpm
samba-client-4.4.4-14.el7_3.aarch64.rpm
samba-client-libs-4.4.4-14.el7_3.aarch64.rpm
samba-common-libs-4.4.4-14.el7_3.aarch64.rpm
samba-common-tools-4.4.4-14.el7_3.aarch64.rpm
samba-debuginfo-4.4.4-14.el7_3.aarch64.rpm
samba-krb5-printing-4.4.4-14.el7_3.aarch64.rpm
samba-libs-4.4.4-14.el7_3.aarch64.rpm
samba-python-4.4.4-14.el7_3.aarch64.rpm
samba-winbind-4.4.4-14.el7_3.aarch64.rpm
samba-winbind-clients-4.4.4-14.el7_3.aarch64.rpm
samba-winbind-modules-4.4.4-14.el7_3.aarch64.rpm

noarch:
samba-common-4.4.4-14.el7_3.noarch.rpm

ppc64:
libsmbclient-4.4.4-14.el7_3.ppc.rpm
libsmbclient-4.4.4-14.el7_3.ppc64.rpm
libwbclient-4.4.4-14.el7_3.ppc.rpm
libwbclient-4.4.4-14.el7_3.ppc64.rpm
samba-4.4.4-14.el7_3.ppc64.rpm
samba-client-4.4.4-14.el7_3.ppc64.rpm
samba-client-libs-4.4.4-14.el7_3.ppc.rpm
samba-client-libs-4.4.4-14.el7_3.ppc64.rpm
samba-common-libs-4.4.4-14.el7_3.ppc64.rpm
samba-common-tools-4.4.4-14.el7_3.ppc64.rpm
samba-debuginfo-4.4.4-14.el7_3.ppc.rpm
samba-debuginfo-4.4.4-14.el7_3.ppc64.rpm
samba-krb5-printing-4.4.4-14.el7_3.ppc64.rpm
samba-libs-4.4.4-14.el7_3.ppc.rpm
samba-libs-4.4.4-14.el7_3.ppc64.rpm
samba-winbind-4.4.4-14.el7_3.ppc64.rpm
samba-winbind-clients-4.4.4-14.el7_3.ppc64.rpm
samba-winbind-modules-4.4.4-14.el7_3.ppc.rpm
samba-winbind-modules-4.4.4-14.el7_3.ppc64.rpm

ppc64le:
libsmbclient-4.4.4-14.el7_3.ppc64le.rpm
libwbclient-4.4.4-14.el7_3.ppc64le.rpm
samba-4.4.4-14.el7_3.ppc64le.rpm
samba-client-4.4.4-14.el7_3.ppc64le.rpm
samba-client-libs-4.4.4-14.el7_3.ppc64le.rpm
samba-common-libs-4.4.4-14.el7_3.ppc64le.rpm
samba-common-tools-4.4.4-14.el7_3.ppc64le.rpm
samba-debuginfo-4.4.4-14.el7_3.ppc64le.rpm
samba-krb5-printing-4.4.4-14.el7_3.ppc64le.rpm
samba-libs-4.4.4-14.el7_3.ppc64le.rpm
samba-winbind-4.4.4-14.el7_3.ppc64le.rpm
samba-winbind-clients-4.4.4-14.el7_3.ppc64le.rpm
samba-winbind-modules-4.4.4-14.el7_3.ppc64le.rpm

s390x:
libsmbclient-4.4.4-14.el7_3.s390.rpm
libsmbclient-4.4.4-14.el7_3.s390x.rpm
libwbclient-4.4.4-14.el7_3.s390.rpm
libwbclient-4.4.4-14.el7_3.s390x.rpm
samba-4.4.4-14.el7_3.s390x.rpm
samba-client-4.4.4-14.el7_3.s390x.rpm
samba-client-libs-4.4.4-14.el7_3.s390.rpm
samba-client-libs-4.4.4-14.el7_3.s390x.rpm
samba-common-libs-4.4.4-14.el7_3.s390x.rpm
samba-common-tools-4.4.4-14.el7_3.s390x.rpm
samba-debuginfo-4.4.4-14.el7_3.s390.rpm
samba-debuginfo-4.4.4-14.el7_3.s390x.rpm
samba-krb5-printing-4.4.4-14.el7_3.s390x.rpm
samba-libs-4.4.4-14.el7_3.s390.rpm
samba-libs-4.4.4-14.el7_3.s390x.rpm
samba-winbind-4.4.4-14.el7_3.s390x.rpm
samba-winbind-clients-4.4.4-14.el7_3.s390x.rpm
samba-winbind-modules-4.4.4-14.el7_3.s390.rpm
samba-winbind-modules-4.4.4-14.el7_3.s390x.rpm

x86_64:
libsmbclient-4.4.4-14.el7_3.i686.rpm
libsmbclient-4.4.4-14.el7_3.x86_64.rpm
libwbclient-4.4.4-14.el7_3.i686.rpm
libwbclient-4.4.4-14.el7_3.x86_64.rpm
samba-4.4.4-14.el7_3.x86_64.rpm
samba-client-4.4.4-14.el7_3.x86_64.rpm
samba-client-libs-4.4.4-14.el7_3.i686.rpm
samba-client-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-tools-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-14.el7_3.x86_64.rpm
samba-libs-4.4.4-14.el7_3.i686.rpm
samba-libs-4.4.4-14.el7_3.x86_64.rpm
samba-python-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-14.el7_3.i686.rpm
samba-winbind-modules-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

x86_64:
ctdb-4.4.4-14.el7_3.x86_64.rpm
ctdb-tests-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
libsmbclient-devel-4.4.4-14.el7_3.aarch64.rpm
libwbclient-devel-4.4.4-14.el7_3.aarch64.rpm
samba-dc-4.4.4-14.el7_3.aarch64.rpm
samba-dc-libs-4.4.4-14.el7_3.aarch64.rpm
samba-debuginfo-4.4.4-14.el7_3.aarch64.rpm
samba-devel-4.4.4-14.el7_3.aarch64.rpm
samba-test-4.4.4-14.el7_3.aarch64.rpm
samba-test-libs-4.4.4-14.el7_3.aarch64.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.aarch64.rpm

noarch:
samba-pidl-4.4.4-14.el7_3.noarch.rpm

ppc64:
libsmbclient-devel-4.4.4-14.el7_3.ppc.rpm
libsmbclient-devel-4.4.4-14.el7_3.ppc64.rpm
libwbclient-devel-4.4.4-14.el7_3.ppc.rpm
libwbclient-devel-4.4.4-14.el7_3.ppc64.rpm
samba-dc-4.4.4-14.el7_3.ppc64.rpm
samba-dc-libs-4.4.4-14.el7_3.ppc64.rpm
samba-debuginfo-4.4.4-14.el7_3.ppc.rpm
samba-debuginfo-4.4.4-14.el7_3.ppc64.rpm
samba-devel-4.4.4-14.el7_3.ppc.rpm
samba-devel-4.4.4-14.el7_3.ppc64.rpm
samba-python-4.4.4-14.el7_3.ppc64.rpm
samba-test-4.4.4-14.el7_3.ppc64.rpm
samba-test-libs-4.4.4-14.el7_3.ppc.rpm
samba-test-libs-4.4.4-14.el7_3.ppc64.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.ppc64.rpm

ppc64le:
libsmbclient-devel-4.4.4-14.el7_3.ppc64le.rpm
libwbclient-devel-4.4.4-14.el7_3.ppc64le.rpm
samba-dc-4.4.4-14.el7_3.ppc64le.rpm
samba-dc-libs-4.4.4-14.el7_3.ppc64le.rpm
samba-debuginfo-4.4.4-14.el7_3.ppc64le.rpm
samba-devel-4.4.4-14.el7_3.ppc64le.rpm
samba-python-4.4.4-14.el7_3.ppc64le.rpm
samba-test-4.4.4-14.el7_3.ppc64le.rpm
samba-test-libs-4.4.4-14.el7_3.ppc64le.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.ppc64le.rpm

s390x:
libsmbclient-devel-4.4.4-14.el7_3.s390.rpm
libsmbclient-devel-4.4.4-14.el7_3.s390x.rpm
libwbclient-devel-4.4.4-14.el7_3.s390.rpm
libwbclient-devel-4.4.4-14.el7_3.s390x.rpm
samba-dc-4.4.4-14.el7_3.s390x.rpm
samba-dc-libs-4.4.4-14.el7_3.s390x.rpm
samba-debuginfo-4.4.4-14.el7_3.s390.rpm
samba-debuginfo-4.4.4-14.el7_3.s390x.rpm
samba-devel-4.4.4-14.el7_3.s390.rpm
samba-devel-4.4.4-14.el7_3.s390x.rpm
samba-python-4.4.4-14.el7_3.s390x.rpm
samba-test-4.4.4-14.el7_3.s390x.rpm
samba-test-libs-4.4.4-14.el7_3.s390.rpm
samba-test-libs-4.4.4-14.el7_3.s390x.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.s390x.rpm

x86_64:
libsmbclient-devel-4.4.4-14.el7_3.i686.rpm
libsmbclient-devel-4.4.4-14.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-14.el7_3.i686.rpm
libwbclient-devel-4.4.4-14.el7_3.x86_64.rpm
samba-dc-4.4.4-14.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-devel-4.4.4-14.el7_3.i686.rpm
samba-devel-4.4.4-14.el7_3.x86_64.rpm
samba-test-4.4.4-14.el7_3.x86_64.rpm
samba-test-libs-4.4.4-14.el7_3.i686.rpm
samba-test-libs-4.4.4-14.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
samba-4.4.4-14.el7_3.src.rpm

noarch:
samba-common-4.4.4-14.el7_3.noarch.rpm

x86_64:
libsmbclient-4.4.4-14.el7_3.i686.rpm
libsmbclient-4.4.4-14.el7_3.x86_64.rpm
libwbclient-4.4.4-14.el7_3.i686.rpm
libwbclient-4.4.4-14.el7_3.x86_64.rpm
samba-4.4.4-14.el7_3.x86_64.rpm
samba-client-4.4.4-14.el7_3.x86_64.rpm
samba-client-libs-4.4.4-14.el7_3.i686.rpm
samba-client-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-libs-4.4.4-14.el7_3.x86_64.rpm
samba-common-tools-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-krb5-printing-4.4.4-14.el7_3.x86_64.rpm
samba-libs-4.4.4-14.el7_3.i686.rpm
samba-libs-4.4.4-14.el7_3.x86_64.rpm
samba-python-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-clients-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-modules-4.4.4-14.el7_3.i686.rpm
samba-winbind-modules-4.4.4-14.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
samba-pidl-4.4.4-14.el7_3.noarch.rpm

x86_64:
libsmbclient-devel-4.4.4-14.el7_3.i686.rpm
libsmbclient-devel-4.4.4-14.el7_3.x86_64.rpm
libwbclient-devel-4.4.4-14.el7_3.i686.rpm
libwbclient-devel-4.4.4-14.el7_3.x86_64.rpm
samba-dc-4.4.4-14.el7_3.x86_64.rpm
samba-dc-libs-4.4.4-14.el7_3.x86_64.rpm
samba-debuginfo-4.4.4-14.el7_3.i686.rpm
samba-debuginfo-4.4.4-14.el7_3.x86_64.rpm
samba-devel-4.4.4-14.el7_3.i686.rpm
samba-devel-4.4.4-14.el7_3.x86_64.rpm
samba-test-4.4.4-14.el7_3.x86_64.rpm
samba-test-libs-4.4.4-14.el7_3.i686.rpm
samba-test-libs-4.4.4-14.el7_3.x86_64.rpm
samba-vfs-glusterfs-4.4.4-14.el7_3.x86_64.rpm
samba-winbind-krb5-locator-4.4.4-14.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7494
https://access.redhat.com/security/updates/classification/#important
https://www.samba.org/samba/security/CVE-2017-7494.html
https://access.redhat.com/security/vulnerabilities/3034621

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJXqyXlSAg2UNWIIRAtptAKCfcN34qp2iYVg5lqkUIe8dl7OX/QCgpDSe
7/PJLDQVmMdARtfZc0VRNsE=
=cANN
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed May 24 12:21:50 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 24 May 2017 12:21:50 +0000
Subject: [RHSA-2017:1271-01] Important: samba4 security update
Message-ID: <201705241222.v4OCM1Ck000660@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba4 security update
Advisory ID:       RHSA-2017:1271-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1271
Issue date:        2017-05-24
CVE Names:         CVE-2017-7494 
=====================================================================

1. Summary:

An update for samba4 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious
authenticated samba client, having write access to the samba share, could
use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges steelo as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1450347 - CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba4-4.2.10-10.el6_9.src.rpm

i386:
samba4-4.2.10-10.el6_9.i686.rpm
samba4-client-4.2.10-10.el6_9.i686.rpm
samba4-common-4.2.10-10.el6_9.i686.rpm
samba4-dc-4.2.10-10.el6_9.i686.rpm
samba4-dc-libs-4.2.10-10.el6_9.i686.rpm
samba4-debuginfo-4.2.10-10.el6_9.i686.rpm
samba4-devel-4.2.10-10.el6_9.i686.rpm
samba4-libs-4.2.10-10.el6_9.i686.rpm
samba4-pidl-4.2.10-10.el6_9.i686.rpm
samba4-python-4.2.10-10.el6_9.i686.rpm
samba4-test-4.2.10-10.el6_9.i686.rpm
samba4-winbind-4.2.10-10.el6_9.i686.rpm
samba4-winbind-clients-4.2.10-10.el6_9.i686.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.i686.rpm

x86_64:
samba4-4.2.10-10.el6_9.x86_64.rpm
samba4-client-4.2.10-10.el6_9.x86_64.rpm
samba4-common-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-debuginfo-4.2.10-10.el6_9.x86_64.rpm
samba4-devel-4.2.10-10.el6_9.x86_64.rpm
samba4-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-pidl-4.2.10-10.el6_9.x86_64.rpm
samba4-python-4.2.10-10.el6_9.x86_64.rpm
samba4-test-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-clients-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
samba4-4.2.10-10.el6_9.src.rpm

x86_64:
samba4-4.2.10-10.el6_9.x86_64.rpm
samba4-client-4.2.10-10.el6_9.x86_64.rpm
samba4-common-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-debuginfo-4.2.10-10.el6_9.x86_64.rpm
samba4-devel-4.2.10-10.el6_9.x86_64.rpm
samba4-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-pidl-4.2.10-10.el6_9.x86_64.rpm
samba4-python-4.2.10-10.el6_9.x86_64.rpm
samba4-test-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-clients-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
samba4-4.2.10-10.el6_9.src.rpm

i386:
samba4-4.2.10-10.el6_9.i686.rpm
samba4-client-4.2.10-10.el6_9.i686.rpm
samba4-common-4.2.10-10.el6_9.i686.rpm
samba4-dc-4.2.10-10.el6_9.i686.rpm
samba4-dc-libs-4.2.10-10.el6_9.i686.rpm
samba4-debuginfo-4.2.10-10.el6_9.i686.rpm
samba4-devel-4.2.10-10.el6_9.i686.rpm
samba4-libs-4.2.10-10.el6_9.i686.rpm
samba4-pidl-4.2.10-10.el6_9.i686.rpm
samba4-python-4.2.10-10.el6_9.i686.rpm
samba4-test-4.2.10-10.el6_9.i686.rpm
samba4-winbind-4.2.10-10.el6_9.i686.rpm
samba4-winbind-clients-4.2.10-10.el6_9.i686.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.i686.rpm

ppc64:
samba4-4.2.10-10.el6_9.ppc64.rpm
samba4-client-4.2.10-10.el6_9.ppc64.rpm
samba4-common-4.2.10-10.el6_9.ppc64.rpm
samba4-dc-4.2.10-10.el6_9.ppc64.rpm
samba4-dc-libs-4.2.10-10.el6_9.ppc64.rpm
samba4-debuginfo-4.2.10-10.el6_9.ppc64.rpm
samba4-devel-4.2.10-10.el6_9.ppc64.rpm
samba4-libs-4.2.10-10.el6_9.ppc64.rpm
samba4-pidl-4.2.10-10.el6_9.ppc64.rpm
samba4-python-4.2.10-10.el6_9.ppc64.rpm
samba4-test-4.2.10-10.el6_9.ppc64.rpm
samba4-winbind-4.2.10-10.el6_9.ppc64.rpm
samba4-winbind-clients-4.2.10-10.el6_9.ppc64.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.ppc64.rpm

s390x:
samba4-4.2.10-10.el6_9.s390x.rpm
samba4-client-4.2.10-10.el6_9.s390x.rpm
samba4-common-4.2.10-10.el6_9.s390x.rpm
samba4-dc-4.2.10-10.el6_9.s390x.rpm
samba4-dc-libs-4.2.10-10.el6_9.s390x.rpm
samba4-debuginfo-4.2.10-10.el6_9.s390x.rpm
samba4-devel-4.2.10-10.el6_9.s390x.rpm
samba4-libs-4.2.10-10.el6_9.s390x.rpm
samba4-pidl-4.2.10-10.el6_9.s390x.rpm
samba4-python-4.2.10-10.el6_9.s390x.rpm
samba4-test-4.2.10-10.el6_9.s390x.rpm
samba4-winbind-4.2.10-10.el6_9.s390x.rpm
samba4-winbind-clients-4.2.10-10.el6_9.s390x.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.s390x.rpm

x86_64:
samba4-4.2.10-10.el6_9.x86_64.rpm
samba4-client-4.2.10-10.el6_9.x86_64.rpm
samba4-common-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-debuginfo-4.2.10-10.el6_9.x86_64.rpm
samba4-devel-4.2.10-10.el6_9.x86_64.rpm
samba4-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-pidl-4.2.10-10.el6_9.x86_64.rpm
samba4-python-4.2.10-10.el6_9.x86_64.rpm
samba4-test-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-clients-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
samba4-4.2.10-10.el6_9.src.rpm

i386:
samba4-4.2.10-10.el6_9.i686.rpm
samba4-client-4.2.10-10.el6_9.i686.rpm
samba4-common-4.2.10-10.el6_9.i686.rpm
samba4-dc-4.2.10-10.el6_9.i686.rpm
samba4-dc-libs-4.2.10-10.el6_9.i686.rpm
samba4-debuginfo-4.2.10-10.el6_9.i686.rpm
samba4-devel-4.2.10-10.el6_9.i686.rpm
samba4-libs-4.2.10-10.el6_9.i686.rpm
samba4-pidl-4.2.10-10.el6_9.i686.rpm
samba4-python-4.2.10-10.el6_9.i686.rpm
samba4-test-4.2.10-10.el6_9.i686.rpm
samba4-winbind-4.2.10-10.el6_9.i686.rpm
samba4-winbind-clients-4.2.10-10.el6_9.i686.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.i686.rpm

x86_64:
samba4-4.2.10-10.el6_9.x86_64.rpm
samba4-client-4.2.10-10.el6_9.x86_64.rpm
samba4-common-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-4.2.10-10.el6_9.x86_64.rpm
samba4-dc-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-debuginfo-4.2.10-10.el6_9.x86_64.rpm
samba4-devel-4.2.10-10.el6_9.x86_64.rpm
samba4-libs-4.2.10-10.el6_9.x86_64.rpm
samba4-pidl-4.2.10-10.el6_9.x86_64.rpm
samba4-python-4.2.10-10.el6_9.x86_64.rpm
samba4-test-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-clients-4.2.10-10.el6_9.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-10.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7494
https://access.redhat.com/security/updates/classification/#important
https://www.samba.org/samba/security/CVE-2017-7494.html
https://access.redhat.com/security/vulnerabilities/3034621

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJXrzXlSAg2UNWIIRAjvVAKCMru7JV//6qVcU8HWv9Grkz/qb2QCeN0xW
eLhgOvEyzHV+KzHitH7B9bQ=
=iD0L
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed May 24 12:22:52 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 24 May 2017 12:22:52 +0000
Subject: [RHSA-2017:1272-01] Important: samba3x security update
Message-ID: <201705241223.v4OCN0iF000702@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba3x security update
Advisory ID:       RHSA-2017:1272-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1272
Issue date:        2017-05-24
CVE Names:         CVE-2017-7494 
=====================================================================

1. Summary:

An update for samba3x is now available for Red Hat Enterprise Linux 5
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 5 ELS) - i386, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious
authenticated samba client, having write access to the samba share, could
use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges steelo as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1450347 - CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE

6. Package List:

Red Hat Enterprise Linux Server (v. 5 ELS):

Source:
samba3x-3.6.23-14.el5_11.src.rpm

i386:
samba3x-3.6.23-14.el5_11.i386.rpm
samba3x-client-3.6.23-14.el5_11.i386.rpm
samba3x-common-3.6.23-14.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-14.el5_11.i386.rpm
samba3x-doc-3.6.23-14.el5_11.i386.rpm
samba3x-domainjoin-gui-3.6.23-14.el5_11.i386.rpm
samba3x-swat-3.6.23-14.el5_11.i386.rpm
samba3x-winbind-3.6.23-14.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-14.el5_11.i386.rpm

s390x:
samba3x-3.6.23-14.el5_11.s390x.rpm
samba3x-client-3.6.23-14.el5_11.s390x.rpm
samba3x-common-3.6.23-14.el5_11.s390x.rpm
samba3x-debuginfo-3.6.23-14.el5_11.s390.rpm
samba3x-debuginfo-3.6.23-14.el5_11.s390x.rpm
samba3x-doc-3.6.23-14.el5_11.s390x.rpm
samba3x-domainjoin-gui-3.6.23-14.el5_11.s390x.rpm
samba3x-swat-3.6.23-14.el5_11.s390x.rpm
samba3x-winbind-3.6.23-14.el5_11.s390.rpm
samba3x-winbind-3.6.23-14.el5_11.s390x.rpm
samba3x-winbind-devel-3.6.23-14.el5_11.s390.rpm
samba3x-winbind-devel-3.6.23-14.el5_11.s390x.rpm

x86_64:
samba3x-3.6.23-14.el5_11.x86_64.rpm
samba3x-client-3.6.23-14.el5_11.x86_64.rpm
samba3x-common-3.6.23-14.el5_11.x86_64.rpm
samba3x-debuginfo-3.6.23-14.el5_11.i386.rpm
samba3x-debuginfo-3.6.23-14.el5_11.x86_64.rpm
samba3x-doc-3.6.23-14.el5_11.x86_64.rpm
samba3x-domainjoin-gui-3.6.23-14.el5_11.x86_64.rpm
samba3x-swat-3.6.23-14.el5_11.x86_64.rpm
samba3x-winbind-3.6.23-14.el5_11.i386.rpm
samba3x-winbind-3.6.23-14.el5_11.x86_64.rpm
samba3x-winbind-devel-3.6.23-14.el5_11.i386.rpm
samba3x-winbind-devel-3.6.23-14.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7494
https://access.redhat.com/security/updates/classification/#important
https://www.samba.org/samba/security/CVE-2017-7494.html
https://access.redhat.com/security/vulnerabilities/3034621

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJXsvXlSAg2UNWIIRAoAuAJ9Wes7v2YpTfCI2EZoIy+75DEYjRQCeJ6MY
uM5BG8IMm9bFtCwhTvcxrI8=
=/9qH
-----END PGP SIGNATURE-----




From fleite at redhat.com  Wed May 24 22:33:34 2017
From: fleite at redhat.com (Fabio Olive Leite)
Date: Wed, 24 May 2017 19:33:34 -0300
Subject: MAILING LIST SHUTDOWN NOTIFICATION
Message-ID: <e2038967-40be-90c0-1242-de71304ec67d@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ERRATA MAILING LIST SHUTDOWN NOTIFICATION

This is a notification to inform all subscribers that on May 31st 2017
the rhev-watch-list, enterprise-watch-list and jboss-watch-list mailing
lists will be disabled by Red Hat Product Security, and no additional
Security Advisory notifications will be sent to them.  The blog post
linked below contains information about this change and the many
alternatives available for receiving security errata notifications.

https://access.redhat.com/blogs/product-security/posts/rhsa-announce

In summary, the rhsa-announce mailing list will remain operational and
has been enhanced with Topics support, so that it can provide the same
level of granularity for the advisories delivered to subscribers as the
individual lists being disabled, with benefits.

For any concerns regarding the shutdown of these mailing lists, please
reach out to Red Hat Product Security at <secalert at redhat.com>.

Fabio Olive Leite
Red Hat Product Security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZHKajXlSAg2UNWIIRApryAKCQVRnghMBJe4xjNkUY82Mr9vDD0wCgwcOc
qwqVW3KUeLd82EkQnbV125c=
=f6hd
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Thu May 25 16:17:09 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 May 2017 12:17:09 -0400
Subject: [RHSA-2017:1308-01] Important: kernel security, bug fix,
	and enhancement update
Message-ID: <201705251617.v4PGH90o020568@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1308-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1308
Issue date:        2017-05-25
CVE Names:         CVE-2016-10208 CVE-2016-7910 CVE-2016-8646 
                   CVE-2017-5986 CVE-2017-7308 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel's
networking implementation did not properly validate certain block-size
data. A local attacker with CAP_NET_RAW capability could use this flaw to
trigger a buffer overflow, resulting in the crash of the system. Due to the
nature of the flaw, privilege escalation cannot be fully ruled out.
(CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to an attacker controlled
memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel's implementation of seq_file where a
local attacker could manipulate memory in the put() function pointer. This
could lead to memory corruption and possible privileged escalation.
(CVE-2016-7910, Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user
could trigger oops in shash_async_export() by attempting to force the
in-kernel hashing algorithms into decrypting an empty data set.
(CVE-2016-8646, Moderate)

* It was reported that with Linux kernel, earlier than version v4.10-rc8,
an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket
tx buffer is full, a thread is waiting on it to queue more data, and
meanwhile another thread peels off the association being used by the first
thread. (CVE-2017-5986, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for
reporting CVE-2016-8646.

Additional Changes:

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes
document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
1399727 - CVE-2016-7910 kernel: Use after free in seq file
1420276 - CVE-2017-5986 kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-514.21.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.21.1.el7.noarch.rpm
kernel-doc-3.10.0-514.21.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.21.1.el7.x86_64.rpm
perf-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-514.21.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.21.1.el7.noarch.rpm
kernel-doc-3.10.0-514.21.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.21.1.el7.x86_64.rpm
perf-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-514.21.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.21.1.el7.noarch.rpm
kernel-doc-3.10.0-514.21.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.21.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.21.1.el7.ppc64.rpm
kernel-debug-3.10.0-514.21.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.21.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.21.1.el7.ppc64.rpm
kernel-devel-3.10.0-514.21.1.el7.ppc64.rpm
kernel-headers-3.10.0-514.21.1.el7.ppc64.rpm
kernel-tools-3.10.0-514.21.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.21.1.el7.ppc64.rpm
perf-3.10.0-514.21.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
python-perf-3.10.0-514.21.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-debug-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-devel-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-headers-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-tools-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.21.1.el7.ppc64le.rpm
perf-3.10.0-514.21.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
python-perf-3.10.0-514.21.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.21.1.el7.s390x.rpm
kernel-debug-3.10.0-514.21.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.21.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.21.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.21.1.el7.s390x.rpm
kernel-devel-3.10.0-514.21.1.el7.s390x.rpm
kernel-headers-3.10.0-514.21.1.el7.s390x.rpm
kernel-kdump-3.10.0-514.21.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.21.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.21.1.el7.s390x.rpm
perf-3.10.0-514.21.1.el7.s390x.rpm
perf-debuginfo-3.10.0-514.21.1.el7.s390x.rpm
python-perf-3.10.0-514.21.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.21.1.el7.x86_64.rpm
perf-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.21.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.21.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.21.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-514.21.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.21.1.el7.noarch.rpm
kernel-doc-3.10.0-514.21.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.21.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.21.1.el7.x86_64.rpm
perf-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.21.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10208
https://access.redhat.com/security/cve/CVE-2016-7910
https://access.redhat.com/security/cve/CVE-2016-8646
https://access.redhat.com/security/cve/CVE-2017-5986
https://access.redhat.com/security/cve/CVE-2017-7308
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3034221

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJwObXlSAg2UNWIIRAi76AKC1sCNoWTku3UsUaUYSwHybWIDp3gCgkqCj
zAdHKUmc+d48xT+i4FrggKE=
=BVB9
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Thu May 25 16:17:23 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 May 2017 12:17:23 -0400
Subject: [RHSA-2017:1298-01] Important: kernel-rt security and bug fix update
Message-ID: <201705251617.v4PGHNTN020587@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2017:1298-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1298
Issue date:        2017-05-25
CVE Names:         CVE-2016-10208 CVE-2016-7910 CVE-2016-8646 
                   CVE-2017-7308 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel's
networking implementation did not properly validate certain block-size
data. A local attacker with CAP_NET_RAW capability could use this flaw to
trigger a buffer overflow, resulting in the crash of the system. Due to the
nature of the flaw, privilege escalation cannot be fully ruled out.
(CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to an attacker controlled
memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel's implementation of seq_file where a
local attacker could manipulate memory in the put() function pointer. This
could lead to memory corruption and possible privileged escalation.
(CVE-2016-7910, Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user
could trigger oops in shash_async_export() by attempting to force the
in-kernel hashing algorithms into decrypting an empty data set.
(CVE-2016-8646, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for
reporting CVE-2016-8646.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-514.21.1 source
tree, which provides a number of bug fixes over the previous version.
(BZ#1440803)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
1399727 - CVE-2016-7910 kernel: Use after free in seq file
1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
1440803 - kernel-rt: update to the RHEL7.3.z batch#5 source tree [rhel-7.3.z]

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-514.21.1.rt56.438.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.21.1.rt56.438.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-514.21.1.rt56.438.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.21.1.rt56.438.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10208
https://access.redhat.com/security/cve/CVE-2016-7910
https://access.redhat.com/security/cve/CVE-2016-8646
https://access.redhat.com/security/cve/CVE-2017-7308
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJwOrXlSAg2UNWIIRAn2UAJ41Ut4i1vSy/aadG+YmtOqOdQIZAgCfVq1T
VbvmE37hC8DYk4acPs8EdNQ=
=+ZRz
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Thu May 25 16:17:37 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 May 2017 12:17:37 -0400
Subject: [RHSA-2017:1297-01] Important: kernel-rt security and bug fix update
Message-ID: <201705251617.v4PGHbGR020606@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2017:1297-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1297
Issue date:        2017-05-25
CVE Names:         CVE-2016-10208 CVE-2016-7910 CVE-2016-8646 
                   CVE-2017-7308 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel's
networking implementation did not properly validate certain block-size
data. A local attacker with CAP_NET_RAW capability could use this flaw to
trigger a buffer overflow, resulting in the crash of the system. Due to the
nature of the flaw, privilege escalation cannot be fully ruled out.
(CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to an attacker controlled
memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel's implementation of seq_file where a
local attacker could manipulate memory in the put() function pointer. This
could lead to memory corruption and possible privileged escalation.
(CVE-2016-7910, Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user
could trigger oops in shash_async_export() by attempting to force the
in-kernel hashing algorithms into decrypting an empty data set.
(CVE-2016-8646, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for
reporting CVE-2016-8646.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-514 source tree,
which provides a number of bug fixes over the previous version.
(BZ#1440807)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
1399727 - CVE-2016-7910 kernel: Use after free in seq file
1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
1440807 - update the MRG 2.5.z 3.10 kernel-rt sources

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-514.rt56.221.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.rt56.221.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-514.rt56.221.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10208
https://access.redhat.com/security/cve/CVE-2016-7910
https://access.redhat.com/security/cve/CVE-2016-8646
https://access.redhat.com/security/cve/CVE-2017-7308
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZJwO5XlSAg2UNWIIRAnpqAKCQZt/swy6bi7/sVf3/6spUqI1ofQCgoALD
qCQAviiomm5UaLPvITg/ol0=
=1j3c
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May 30 11:10:41 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 May 2017 07:10:41 -0400
Subject: [RHSA-2017:1364-01] Important: nss security and bug fix update
Message-ID: <201705301110.v4UBAfKs031339@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nss security and bug fix update
Advisory ID:       RHSA-2017:1364-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1364
Issue date:        2017-05-30
CVE Names:         CVE-2017-7502 
=====================================================================

1. Summary:

An update for nss is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty
SSLv2 messages. An attacker could use this flaw to crash a server
application compiled against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA)
list have been updated to meet the recommendations as published with the
latest Mozilla Firefox Extended Support Release (ESR). The updated CA list
improves compatibility with the certificates that are used in the Internet
Public Key Infrastructure (PKI). To avoid certificate validation refusals,
Red Hat recommends installing the updated CA list on June 12, 2017.
(BZ#1448488)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox)
must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446631 - CVE-2017-7502 nss: Null pointer dereference when handling empty SSLv2 messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
nss-3.28.4-3.el6_9.src.rpm

i386:
nss-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-sysinit-3.28.4-3.el6_9.i686.rpm
nss-tools-3.28.4-3.el6_9.i686.rpm

x86_64:
nss-3.28.4-3.el6_9.i686.rpm
nss-3.28.4-3.el6_9.x86_64.rpm
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-sysinit-3.28.4-3.el6_9.x86_64.rpm
nss-tools-3.28.4-3.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-devel-3.28.4-3.el6_9.i686.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm

x86_64:
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-devel-3.28.4-3.el6_9.i686.rpm
nss-devel-3.28.4-3.el6_9.x86_64.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
nss-3.28.4-3.el6_9.src.rpm

x86_64:
nss-3.28.4-3.el6_9.i686.rpm
nss-3.28.4-3.el6_9.x86_64.rpm
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-sysinit-3.28.4-3.el6_9.x86_64.rpm
nss-tools-3.28.4-3.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-devel-3.28.4-3.el6_9.i686.rpm
nss-devel-3.28.4-3.el6_9.x86_64.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
nss-3.28.4-3.el6_9.src.rpm

i386:
nss-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-devel-3.28.4-3.el6_9.i686.rpm
nss-sysinit-3.28.4-3.el6_9.i686.rpm
nss-tools-3.28.4-3.el6_9.i686.rpm

ppc64:
nss-3.28.4-3.el6_9.ppc.rpm
nss-3.28.4-3.el6_9.ppc64.rpm
nss-debuginfo-3.28.4-3.el6_9.ppc.rpm
nss-debuginfo-3.28.4-3.el6_9.ppc64.rpm
nss-devel-3.28.4-3.el6_9.ppc.rpm
nss-devel-3.28.4-3.el6_9.ppc64.rpm
nss-sysinit-3.28.4-3.el6_9.ppc64.rpm
nss-tools-3.28.4-3.el6_9.ppc64.rpm

s390x:
nss-3.28.4-3.el6_9.s390.rpm
nss-3.28.4-3.el6_9.s390x.rpm
nss-debuginfo-3.28.4-3.el6_9.s390.rpm
nss-debuginfo-3.28.4-3.el6_9.s390x.rpm
nss-devel-3.28.4-3.el6_9.s390.rpm
nss-devel-3.28.4-3.el6_9.s390x.rpm
nss-sysinit-3.28.4-3.el6_9.s390x.rpm
nss-tools-3.28.4-3.el6_9.s390x.rpm

x86_64:
nss-3.28.4-3.el6_9.i686.rpm
nss-3.28.4-3.el6_9.x86_64.rpm
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-devel-3.28.4-3.el6_9.i686.rpm
nss-devel-3.28.4-3.el6_9.x86_64.rpm
nss-sysinit-3.28.4-3.el6_9.x86_64.rpm
nss-tools-3.28.4-3.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm

ppc64:
nss-debuginfo-3.28.4-3.el6_9.ppc.rpm
nss-debuginfo-3.28.4-3.el6_9.ppc64.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.ppc.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.ppc64.rpm

s390x:
nss-debuginfo-3.28.4-3.el6_9.s390.rpm
nss-debuginfo-3.28.4-3.el6_9.s390x.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.s390.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.s390x.rpm

x86_64:
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
nss-3.28.4-3.el6_9.src.rpm

i386:
nss-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-devel-3.28.4-3.el6_9.i686.rpm
nss-sysinit-3.28.4-3.el6_9.i686.rpm
nss-tools-3.28.4-3.el6_9.i686.rpm

x86_64:
nss-3.28.4-3.el6_9.i686.rpm
nss-3.28.4-3.el6_9.x86_64.rpm
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-devel-3.28.4-3.el6_9.i686.rpm
nss-devel-3.28.4-3.el6_9.x86_64.rpm
nss-sysinit-3.28.4-3.el6_9.x86_64.rpm
nss-tools-3.28.4-3.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm

x86_64:
nss-debuginfo-3.28.4-3.el6_9.i686.rpm
nss-debuginfo-3.28.4-3.el6_9.x86_64.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.i686.rpm
nss-pkcs11-devel-3.28.4-3.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZLVNIXlSAg2UNWIIRAu5OAJ0XQgJNwHdxyJlCfnHlZtICO3OYoACgg+wz
E4XWzMKYdt6ubh4GYKaAJTQ=
=sqLA
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May 30 11:11:44 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 May 2017 07:11:44 -0400
Subject: [RHSA-2017:1365-03] Important: nss security and bug fix update
Message-ID: <201705301111.v4UBBiJv031745@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nss security and bug fix update
Advisory ID:       RHSA-2017:1365-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1365
Issue date:        2017-05-30
CVE Names:         CVE-2017-7502 
=====================================================================

1. Summary:

An update for nss is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty
SSLv2 messages. An attacker could use this flaw to crash a server
application compiled against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA)
list have been updated to meet the recommendations as published with the
latest Mozilla Firefox Extended Support Release (ESR). The updated CA list
improves compatibility with the certificates that are used in the Internet
Public Key Infrastructure (PKI). To avoid certificate validation refusals,
Red Hat recommends installing the updated CA list on June 12, 2017.
(BZ#1451421)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox)
must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446631 - CVE-2017-7502 nss: Null pointer dereference when handling empty SSLv2 messages

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
nss-3.28.4-1.2.el7_3.src.rpm

x86_64:
nss-3.28.4-1.2.el7_3.i686.rpm
nss-3.28.4-1.2.el7_3.x86_64.rpm
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-sysinit-3.28.4-1.2.el7_3.x86_64.rpm
nss-tools-3.28.4-1.2.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-devel-3.28.4-1.2.el7_3.i686.rpm
nss-devel-3.28.4-1.2.el7_3.x86_64.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.i686.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
nss-3.28.4-1.2.el7_3.src.rpm

x86_64:
nss-3.28.4-1.2.el7_3.i686.rpm
nss-3.28.4-1.2.el7_3.x86_64.rpm
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-sysinit-3.28.4-1.2.el7_3.x86_64.rpm
nss-tools-3.28.4-1.2.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-devel-3.28.4-1.2.el7_3.i686.rpm
nss-devel-3.28.4-1.2.el7_3.x86_64.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.i686.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
nss-3.28.4-1.2.el7_3.src.rpm

aarch64:
nss-3.28.4-1.2.el7_3.aarch64.rpm
nss-debuginfo-3.28.4-1.2.el7_3.aarch64.rpm
nss-devel-3.28.4-1.2.el7_3.aarch64.rpm
nss-sysinit-3.28.4-1.2.el7_3.aarch64.rpm
nss-tools-3.28.4-1.2.el7_3.aarch64.rpm

ppc64:
nss-3.28.4-1.2.el7_3.ppc.rpm
nss-3.28.4-1.2.el7_3.ppc64.rpm
nss-debuginfo-3.28.4-1.2.el7_3.ppc.rpm
nss-debuginfo-3.28.4-1.2.el7_3.ppc64.rpm
nss-devel-3.28.4-1.2.el7_3.ppc.rpm
nss-devel-3.28.4-1.2.el7_3.ppc64.rpm
nss-sysinit-3.28.4-1.2.el7_3.ppc64.rpm
nss-tools-3.28.4-1.2.el7_3.ppc64.rpm

ppc64le:
nss-3.28.4-1.2.el7_3.ppc64le.rpm
nss-debuginfo-3.28.4-1.2.el7_3.ppc64le.rpm
nss-devel-3.28.4-1.2.el7_3.ppc64le.rpm
nss-sysinit-3.28.4-1.2.el7_3.ppc64le.rpm
nss-tools-3.28.4-1.2.el7_3.ppc64le.rpm

s390x:
nss-3.28.4-1.2.el7_3.s390.rpm
nss-3.28.4-1.2.el7_3.s390x.rpm
nss-debuginfo-3.28.4-1.2.el7_3.s390.rpm
nss-debuginfo-3.28.4-1.2.el7_3.s390x.rpm
nss-devel-3.28.4-1.2.el7_3.s390.rpm
nss-devel-3.28.4-1.2.el7_3.s390x.rpm
nss-sysinit-3.28.4-1.2.el7_3.s390x.rpm
nss-tools-3.28.4-1.2.el7_3.s390x.rpm

x86_64:
nss-3.28.4-1.2.el7_3.i686.rpm
nss-3.28.4-1.2.el7_3.x86_64.rpm
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-devel-3.28.4-1.2.el7_3.i686.rpm
nss-devel-3.28.4-1.2.el7_3.x86_64.rpm
nss-sysinit-3.28.4-1.2.el7_3.x86_64.rpm
nss-tools-3.28.4-1.2.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
nss-debuginfo-3.28.4-1.2.el7_3.aarch64.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.aarch64.rpm

ppc64:
nss-debuginfo-3.28.4-1.2.el7_3.ppc.rpm
nss-debuginfo-3.28.4-1.2.el7_3.ppc64.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.ppc.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.ppc64.rpm

ppc64le:
nss-debuginfo-3.28.4-1.2.el7_3.ppc64le.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.ppc64le.rpm

s390x:
nss-debuginfo-3.28.4-1.2.el7_3.s390.rpm
nss-debuginfo-3.28.4-1.2.el7_3.s390x.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.s390.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.s390x.rpm

x86_64:
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.i686.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
nss-3.28.4-1.2.el7_3.src.rpm

x86_64:
nss-3.28.4-1.2.el7_3.i686.rpm
nss-3.28.4-1.2.el7_3.x86_64.rpm
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-devel-3.28.4-1.2.el7_3.i686.rpm
nss-devel-3.28.4-1.2.el7_3.x86_64.rpm
nss-sysinit-3.28.4-1.2.el7_3.x86_64.rpm
nss-tools-3.28.4-1.2.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.i686.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZLVOSXlSAg2UNWIIRAq92AKCY6SgPW0ioGWcqF8auWHzF6CqPrwCfRqSm
XLz3YZk/Q+IFWvugtHwhiWI=
=6qI6
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May 30 17:47:20 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 May 2017 13:47:20 -0400
Subject: [RHSA-2017:1381-01] Important: sudo security update
Message-ID: <201705301747.v4UHlKAa022345@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update
Advisory ID:       RHSA-2017:1381-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1381
Issue date:        2017-05-30
CVE Names:         CVE-2017-1000367 
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 5 Extended
Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 5 ELS) - i386, s390x, x86_64

3. Description:

The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1453074 - CVE-2017-1000367  sudo: Privilege escalation in via improper get_process_ttyname() parsing

6. Package List:

Red Hat Enterprise Linux Server (v. 5 ELS):

Source:
sudo-1.7.2p1-30.el5_11.src.rpm

i386:
sudo-1.7.2p1-30.el5_11.i386.rpm
sudo-debuginfo-1.7.2p1-30.el5_11.i386.rpm

s390x:
sudo-1.7.2p1-30.el5_11.s390x.rpm
sudo-debuginfo-1.7.2p1-30.el5_11.s390x.rpm

x86_64:
sudo-1.7.2p1-30.el5_11.x86_64.rpm
sudo-debuginfo-1.7.2p1-30.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-1000367
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZLbBNXlSAg2UNWIIRAoOQAJ0QUwHWO/NJzNrCfCbVPpXgF/M/AwCgwCk6
5qW/fvMqNwTRd2F4X2rauUc=
=4v7B
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Tue May 30 19:37:36 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 May 2017 15:37:36 -0400
Subject: [RHSA-2017:1382-01] Important: sudo security update
Message-ID: <201705301937.v4UJbaYH004029@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update
Advisory ID:       RHSA-2017:1382-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1382
Issue date:        2017-05-30
CVE Names:         CVE-2017-1000367 
=====================================================================

1. Summary:

An update for sudo is now available for Red Hat Enterprise Linux 6 and Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The sudo packages contain the sudo utility which allows system
administrators to provide certain users with the permission to execute
privileged commands, which are used for system management purposes, without
having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1453074 - CVE-2017-1000367  sudo: Privilege escalation in via improper get_process_ttyname() parsing

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
sudo-1.8.6p3-28.el6_9.src.rpm

i386:
sudo-1.8.6p3-28.el6_9.i686.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm

x86_64:
sudo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm
sudo-devel-1.8.6p3-28.el6_9.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-devel-1.8.6p3-28.el6_9.i686.rpm
sudo-devel-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
sudo-1.8.6p3-28.el6_9.src.rpm

x86_64:
sudo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-devel-1.8.6p3-28.el6_9.i686.rpm
sudo-devel-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
sudo-1.8.6p3-28.el6_9.src.rpm

i386:
sudo-1.8.6p3-28.el6_9.i686.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm

ppc64:
sudo-1.8.6p3-28.el6_9.ppc64.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.ppc64.rpm

s390x:
sudo-1.8.6p3-28.el6_9.s390x.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.s390x.rpm

x86_64:
sudo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm
sudo-devel-1.8.6p3-28.el6_9.i686.rpm

ppc64:
sudo-debuginfo-1.8.6p3-28.el6_9.ppc.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.ppc64.rpm
sudo-devel-1.8.6p3-28.el6_9.ppc.rpm
sudo-devel-1.8.6p3-28.el6_9.ppc64.rpm

s390x:
sudo-debuginfo-1.8.6p3-28.el6_9.s390.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.s390x.rpm
sudo-devel-1.8.6p3-28.el6_9.s390.rpm
sudo-devel-1.8.6p3-28.el6_9.s390x.rpm

x86_64:
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-devel-1.8.6p3-28.el6_9.i686.rpm
sudo-devel-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
sudo-1.8.6p3-28.el6_9.src.rpm

i386:
sudo-1.8.6p3-28.el6_9.i686.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm

x86_64:
sudo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm
sudo-devel-1.8.6p3-28.el6_9.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-28.el6_9.i686.rpm
sudo-debuginfo-1.8.6p3-28.el6_9.x86_64.rpm
sudo-devel-1.8.6p3-28.el6_9.i686.rpm
sudo-devel-1.8.6p3-28.el6_9.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
sudo-1.8.6p7-22.el7_3.src.rpm

x86_64:
sudo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.6p7-22.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-22.el7_3.i686.rpm
sudo-devel-1.8.6p7-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
sudo-1.8.6p7-22.el7_3.src.rpm

x86_64:
sudo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.6p7-22.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-22.el7_3.i686.rpm
sudo-devel-1.8.6p7-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
sudo-1.8.6p7-22.el7_3.src.rpm

aarch64:
sudo-1.8.6p7-22.el7_3.aarch64.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.aarch64.rpm

ppc64:
sudo-1.8.6p7-22.el7_3.ppc64.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.ppc64.rpm

ppc64le:
sudo-1.8.6p7-22.el7_3.ppc64le.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.ppc64le.rpm

s390x:
sudo-1.8.6p7-22.el7_3.s390x.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.s390x.rpm

x86_64:
sudo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
sudo-debuginfo-1.8.6p7-22.el7_3.aarch64.rpm
sudo-devel-1.8.6p7-22.el7_3.aarch64.rpm

ppc64:
sudo-debuginfo-1.8.6p7-22.el7_3.ppc.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.ppc64.rpm
sudo-devel-1.8.6p7-22.el7_3.ppc.rpm
sudo-devel-1.8.6p7-22.el7_3.ppc64.rpm

ppc64le:
sudo-debuginfo-1.8.6p7-22.el7_3.ppc64le.rpm
sudo-devel-1.8.6p7-22.el7_3.ppc64le.rpm

s390x:
sudo-debuginfo-1.8.6p7-22.el7_3.s390.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.s390x.rpm
sudo-devel-1.8.6p7-22.el7_3.s390.rpm
sudo-devel-1.8.6p7-22.el7_3.s390x.rpm

x86_64:
sudo-debuginfo-1.8.6p7-22.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-22.el7_3.i686.rpm
sudo-devel-1.8.6p7-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
sudo-1.8.6p7-22.el7_3.src.rpm

x86_64:
sudo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
sudo-debuginfo-1.8.6p7-22.el7_3.i686.rpm
sudo-debuginfo-1.8.6p7-22.el7_3.x86_64.rpm
sudo-devel-1.8.6p7-22.el7_3.i686.rpm
sudo-devel-1.8.6p7-22.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-1000367
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZLcokXlSAg2UNWIIRAjXdAJ476KFVFgGrif2Wv8FFpfffl4usUACfcSMu
VUyztwz94IwMBm6rSyEPWeE=
=3y/S
-----END PGP SIGNATURE-----



From bugzilla at redhat.com  Wed May 31 09:25:43 2017
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 May 2017 05:25:43 -0400
Subject: [RHSA-2017:1372-01] Moderate: kernel security and bug fix update
Message-ID: <201705310925.v4V9PhXd007668@lists01.pubmisc.prod.ext.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2017:1372-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1372
Issue date:        2017-05-30
CVE Names:         CVE-2017-6214 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's handling of packets with the URG
flag. Applications using the splice() and tcp_splice_read() functionality
can allow a remote attacker to force the kernel to enter a condition in
which it can loop indefinitely. (CVE-2017-6214, Moderate)

Bug Fix(es):

* When executing certain Hadoop jobs, a kernel panic occasionally occurred
on multiple nodes of a cluster. This update fixes the kernel scheduler, and
the kernel panic no longer occurs under the described circumstances.
(BZ#1436241)

* Previously, memory leak of the struct cred data structure and related
data structures occasionally occurred. Consequently, system performance was
suboptimal with the symptoms of high I/O operations wait and small amount
of free memory. This update fixes the reference counter of the struct slab
cache to no longer cause imbalance between the calls to the get_cred()
function and the put_cred() function. As a result, the memory leak no
longer occurs under the described circumstances. (BZ#1443234)

* Previously, the be2net driver could not detect the link status properly
on IBM Power Systems. Consequently, the link status was always reported as
disconnected. With this update, be2net has been fixed, and the Network
Interface Cards (NICs) now report the link status correctly. (BZ#1442979)

* Previously, the RFF_ID and RFT_ID commands in the lpfc driver were issued
in an incorrect order. Consequently, users were not able to access Logical
Unit Numbers (LUNs). With this update, lpfc has been fixed to issue RFT_ID
before RFF_ID, which is the correct order. As a result, users can now
access LUNs as expected. (BZ#1439636)

* Previously, the kdump mechanism was trying to get the lock by the
vmalloc_sync_all() function during a kernel panic. Consequently, a deadlock
occurred, and the crashkernel did not boot. This update fixes the
vmalloc_sync_all() function to avoid synchronizing the vmalloc area on the
crashing CPU. As a result, the crashkernel parameter now boots as expected,
and the kernel dump is collected successfully under the described
circumstances. (BZ#1443499)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1426542 - CVE-2017-6214 kernel: ipv4/tcp: Infinite loop in tcp_splice_read()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-696.3.1.el6.src.rpm

i386:
kernel-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
kernel-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-headers-2.6.32-696.3.1.el6.i686.rpm
perf-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.3.1.el6.noarch.rpm
kernel-doc-2.6.32-696.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.3.1.el6.x86_64.rpm
perf-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-696.3.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.3.1.el6.noarch.rpm
kernel-doc-2.6.32-696.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.3.1.el6.x86_64.rpm
perf-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-696.3.1.el6.src.rpm

i386:
kernel-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
kernel-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-headers-2.6.32-696.3.1.el6.i686.rpm
perf-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.3.1.el6.noarch.rpm
kernel-doc-2.6.32-696.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.3.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-696.3.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-696.3.1.el6.ppc64.rpm
kernel-debug-2.6.32-696.3.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-696.3.1.el6.ppc64.rpm
kernel-devel-2.6.32-696.3.1.el6.ppc64.rpm
kernel-headers-2.6.32-696.3.1.el6.ppc64.rpm
perf-2.6.32-696.3.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-696.3.1.el6.s390x.rpm
kernel-debug-2.6.32-696.3.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-696.3.1.el6.s390x.rpm
kernel-devel-2.6.32-696.3.1.el6.s390x.rpm
kernel-headers-2.6.32-696.3.1.el6.s390x.rpm
kernel-kdump-2.6.32-696.3.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-696.3.1.el6.s390x.rpm
perf-2.6.32-696.3.1.el6.s390x.rpm
perf-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.3.1.el6.x86_64.rpm
perf-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-696.3.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm
python-perf-2.6.32-696.3.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-696.3.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
perf-debuginfo-2.6.32-696.3.1.el6.s390x.rpm
python-perf-2.6.32-696.3.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-696.3.1.el6.src.rpm

i386:
kernel-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
kernel-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-headers-2.6.32-696.3.1.el6.i686.rpm
perf-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.3.1.el6.noarch.rpm
kernel-doc-2.6.32-696.3.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.3.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.3.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.3.1.el6.x86_64.rpm
perf-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.3.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm
python-perf-2.6.32-696.3.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.3.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-2.6.32-696.3.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.3.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-6214
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZLow+XlSAg2UNWIIRApyyAKCoh5bNIJK+Es+ywQ11wUkXro+/pwCdEsEe
BSnWWtdRCWruz3ZG52Z5fGM=
=IiIt
-----END PGP SIGNATURE-----



From fleite at redhat.com  Wed May 31 19:52:25 2017
From: fleite at redhat.com (Fabio Olive Leite)
Date: Wed, 31 May 2017 16:52:25 -0300
Subject: FINAL MAILING LIST SHUTDOWN NOTIFICATION
Message-ID: <092791f7-e4f0-e7c1-dbb9-2bba4a9fca4b@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ERRATA MAILING LIST SHUTDOWN NOTIFICATION

This is a notification to inform all subscribers that on May 31st 2017
the rhev-watch-list, enterprise-watch-list and jboss-watch-list mailing
lists will be disabled by Red Hat Product Security, and no additional
Security Advisory notifications will be sent to them.  The blog post
linked below contains information about this change and the many
alternatives available for receiving security errata notifications.

https://access.redhat.com/blogs/product-security/posts/rhsa-announce

In summary, the rhsa-announce mailing list will remain operational and
has been enhanced with Topics support, so that it can provide the same
level of granularity for the advisories delivered to subscribers as the
individual lists being disabled, with benefits.

For any concerns regarding the shutdown of these mailing lists, please
reach out to Red Hat Product Security at <secalert at redhat.com>.

Fabio Olive Leite
Red Hat Product Security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZHKajXlSAg2UNWIIRApryAKCQVRnghMBJe4xjNkUY82Mr9vDD0wCgwcOc
qwqVW3KUeLd82EkQnbV125c=
=f6hd
-----END PGP SIGNATURE-----