[RHSA-2018:0115-01] Important: java-1.6.0-sun security update

2018-01-22 Thread Security announcements for all Red Hat products and services.

=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-sun security update
Advisory ID:       RHSA-2018:0115-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0115
Issue date:        2018-01-22
CVE Names:         CVE-2018-2579 CVE-2018-2588 CVE-2018-2599
                   CVE-2018-2602 CVE-2018-2603 CVE-2018-2618
                   CVE-2018-2629 CVE-2018-2633 CVE-2018-2637
                   CVE-2018-2641 CVE-2018-2657 CVE-2018-2663
                   CVE-2018-2677 CVE-2018-2678
=====================================================================

1. Summary:

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat
Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 181.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page listed in the References section.
(CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603,
CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641,
CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to
take effect.
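As an added check that is not part of the advisory: the Python below takes package file names as they appear in an advisory's package list (section 6), splits them into name, version, release and arch, and compares them against a constructed sample of installed package NVRAs using a simplified reimplementation of rpm's version ordering, so an administrator can list what is still older than the fixed build. The function names and the installed-package sample are assumptions for illustration; the fixed-package names are copied from this page.

```python
import re

# Fixed-package file names as they appear in section 6 of this advisory
# (java-1.6.0-sun) and of RHSA-2018:0108 (libvirt) on this page.
FIXED_PACKAGES = [
    "java-1.6.0-sun-1.6.0.181-1jpp.1.el6.x86_64.rpm",
    "java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.x86_64.rpm",
    "libvirt-0.10.2-54.el6_7.7.x86_64.rpm",
]

# Constructed sample of what
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
# might print on a host; this is not output from a real system.
INSTALLED_SAMPLE = """\
java-1.6.0-sun-1.6.0.171-1jpp.1.el6.x86_64
java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.x86_64
libvirt-0.10.2-54.el6_7.6.x86_64
bash-4.1.2-48.el6.x86_64
"""

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def split_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).
    The name itself may contain dashes (java-1.6.0-sun), so split from the right:
    the last '.' delimits arch, the last two '-' delimit release and version."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name_version, release = rest.rsplit("-", 1)
    name, version = name_version.rsplit("-", 1)
    return name, version, release, arch


def rpmvercmp(a, b):
    """Simplified reimplementation of rpm's rpmvercmp(): returns -1, 0 or 1.
    Strings are split into numeric and alphabetic segments; numeric segments
    compare as integers (so 181 > 19, unlike a plain string compare),
    alphabetic segments lexically, and a numeric segment beats an alphabetic
    one in the same position. A '~' sorts before anything, including the end
    of the string. The '^' marker of newer rpm versions is not handled here."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    # The string with more segments is newer, unless its extra segment is '~'.
    if len(sa) > len(sb):
        return -1 if sa[len(sb)] == "~" else 1
    return 1 if sb[len(sa)] == "~" else -1


def is_older(installed, fixed):
    """True when `installed` has the same name and arch as `fixed` but a lower
    version-release, i.e. the advisory still applies to it. RPM file names do
    not carry the epoch, so equal epochs are assumed."""
    n1, v1, r1, a1 = split_nvra(installed)
    n2, v2, r2, a2 = split_nvra(fixed)
    if (n1, a1) != (n2, a2):
        return False
    # Compare version first; only when versions tie does release decide.
    cmp = rpmvercmp(v1, v2) or rpmvercmp(r1, r2)
    return cmp < 0


def outstanding(installed_text, fixed_packages):
    """Installed NVRAs that are older than some fixed package in the advisory,
    sorted, so an administrator can see what the update has not yet covered."""
    result = []
    for line in installed_text.splitlines():
        line = line.strip()
        if line and any(is_older(line, f) for f in fixed_packages):
            result.append(line)
    return sorted(result)


if __name__ == "__main__":
    for pkg in outstanding(INSTALLED_SAMPLE, FIXED_PACKAGES):
        print("still older than the fixed build:", pkg)
```

A package that compares as up to date is still only effective once the running processes named in the Solution section have been restarted, which this version check cannot see.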

5. Bugs fixed (https://bugzilla.redhat.com/):

1534263 - CVE-2018-2678 OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
1534288 - CVE-2018-2677 OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289)
1534296 - CVE-2018-2663 OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)
1534298 - CVE-2018-2579 OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)
1534299 - CVE-2018-2588 OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
1534525 - CVE-2018-2602 OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
1534543 - CVE-2018-2599 OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)
1534553 - CVE-2018-2603 OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
1534625 - CVE-2018-2629 OpenJDK: GSS context use-after-free (JGSS, 8186212)
1534762 - CVE-2018-2618 OpenJDK: insufficient strength of key agreement (JCE, 8185292)
1534766 - CVE-2018-2641 OpenJDK: GTK library loading use-after-free (AWT, 8185325)
1534970 - CVE-2018-2637 OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
1535036 - CVE-2018-2633 OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)
1535353 - CVE-2018-2657 Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux 

[RHSA-2018:0108-01] Important: libvirt security update


=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0108-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0108
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.7.src.rpm

x86_64:
libvirt-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.7.i686.rpm
libvirt-client-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.7.i686.rpm
libvirt-devel-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.7.src.rpm

i386:
libvirt-0.10.2-54.el6_7.7.i686.rpm
libvirt-client-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-devel-0.10.2-54.el6_7.7.i686.rpm
libvirt-python-0.10.2-54.el6_7.7.i686.rpm

ppc64:
libvirt-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-client-0.10.2-54.el6_7.7.ppc.rpm
libvirt-client-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.ppc.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-devel-0.10.2-54.el6_7.7.ppc.rpm
libvirt-devel-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-python-0.10.2-54.el6_7.7.ppc64.rpm

s390x:
libvirt-0.10.2-54.el6_7.7.s390x.rpm
libvirt-client-0.10.2-54.el6_7.7.s390.rpm
libvirt-client-0.10.2-54.el6_7.7.s390x.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.s390.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.s390x.rpm
libvirt-devel-0.10.2-54.el6_7.7.s390.rpm
libvirt-devel-0.10.2-54.el6_7.7.s390x.rpm
libvirt-python-0.10.2-54.el6_7.7.s390x.rpm

x86_64:
libvirt-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.7.i686.rpm
libvirt-client-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.7.i686.rpm
libvirt-devel-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.7.x86_64.rpm

These packages are GPG signed by Red Hat 

[RHSA-2018:0109-01] Important: libvirt security update


=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0109-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0109
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.7.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.7.i686.rpm
libvirt-client-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.7.i686.rpm
libvirt-devel-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.7.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.7.i686.rpm
libvirt-client-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.7.i686.rpm
libvirt-devel-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce


[RHSA-2018:0104-01] Important: qemu-kvm security update


=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:0104-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0104
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.5.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.5.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.



[RHSA-2018:0111-01] Important: libvirt security update


=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0111-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0111
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.16.src.rpm

x86_64:
libvirt-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-client-0.10.2-18.el6_4.16.i686.rpm
libvirt-client-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-debuginfo-0.10.2-18.el6_4.16.i686.rpm
libvirt-debuginfo-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-devel-0.10.2-18.el6_4.16.i686.rpm
libvirt-devel-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-python-0.10.2-18.el6_4.16.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.16.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-lock-sanlock-0.10.2-18.el6_4.16.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.



[RHSA-2018:0103-01] Important: qemu-kvm security update


=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:0103-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0103
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.



[RHSA-2018:0110-01] Important: libvirt security update


=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0110-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0110
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.15.src.rpm

x86_64:
libvirt-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.15.i686.rpm
libvirt-client-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.15.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.15.i686.rpm
libvirt-devel-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.15.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.15.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.



[RHSA-2018:0105-01] Important: qemu-kvm security update


=====================================================================
   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:0105-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0105
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
qemu-kvm-0.12.1.2-2.415.el6_5.17.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.17.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
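A practitioner rolling out this advisory usually wants a quick check that every affected host actually carries the fixed builds. The following Python is an added example, not part of the advisory or of Red Hat's tooling: it compares `rpm -qa` output (a constructed sample here) against the NVRs listed above using RPM's version-comparison rules, so a host still on an older release such as 2.415.el6_5.14 is flagged while unrelated packages are ignored.

```python
import re

# Fixed versions from the RHSA-2018:0105 package list (name -> (version, release)).
FIXED = {
    "qemu-kvm": ("0.12.1.2", "2.415.el6_5.17"),
    "qemu-img": ("0.12.1.2", "2.415.el6_5.17"),
    "qemu-kvm-tools": ("0.12.1.2", "2.415.el6_5.17"),
    "qemu-guest-agent": ("0.12.1.2", "2.415.el6_5.17"),
}

# Constructed sample of `rpm -qa` output from a hypothetical host; qemu-kvm lags.
SAMPLE_RPM_QA = """\
qemu-img-0.12.1.2-2.415.el6_5.17.x86_64
qemu-kvm-0.12.1.2-2.415.el6_5.14.x86_64
qemu-kvm-tools-0.12.1.2-2.415.el6_5.17.x86_64
bash-4.1.2-15.el6_5.1.x86_64
"""

# rpm splits a version into digit runs, letter runs and '~' (caret not handled here).
_SEG = re.compile(r"\d+|[A-Za-z]+|~")

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if "~" in (x, y):                  # tilde sorts before anything
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():    # numeric segments compare as integers
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():     # a numeric segment beats an alpha one
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    rest = sa[len(sb):] or sb[len(sa):]    # leftover segments of the longer string
    if rest and rest[0] == "~":            # trailing tilde makes that string older
        return -1 if len(sa) > len(sb) else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Split 'name-version-release.arch' into its four parts, or None."""
    m = re.match(r"^(.+)-([^-]+)-([^-]+)\.([^.]+)$", line.strip())
    return m.groups() if m else None

def check_host(rpm_qa_output, fixed=FIXED):
    """Map each installed package named in the advisory to 'vulnerable', 'ok' or 'newer'."""
    status = {}
    for line in rpm_qa_output.splitlines():
        parsed = parse_nvra(line)
        if parsed and parsed[0] in fixed:
            name, ver, rel, _arch = parsed
            fver, frel = fixed[name]
            c = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)
            status[name] = "vulnerable" if c < 0 else "ok" if c == 0 else "newer"
    return status
```

On a real host, feed it the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` and remember that, per the Solution section, a fixed qemu-kvm only protects guests once they have been shut down and started again.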

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.



[RHSA-2018:0106-01] Important: qemu-kvm security update

2018-01-22 Thread Security announcements for all Red Hat products and services.

=
   Red Hat Security Advisory

Synopsis:  Important: qemu-kvm security update
Advisory ID:   RHSA-2018:0106-01
Product:   Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2018:0106
Issue date:2018-01-22
=

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing
branch target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
qemu-kvm-0.12.1.2-2.355.el6_4.10.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.10.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.



[RHSA-2018:0102-01] Important: bind security update

2018-01-22 Thread Security announcements for all Red Hat products and services.

=
   Red Hat Security Advisory

Synopsis:  Important: bind security update
Advisory ID:   RHSA-2018:0102-01
Product:   Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2018:0102
Issue date:2018-01-22
CVE Names: CVE-2017-3145 
=

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A use-after-free flaw leading to denial of service was found in the way
BIND internally handled cleanup operations on upstream recursion fetch
contexts. A remote attacker could potentially use this flaw to make named,
acting as a DNSSEC validating resolver, exit unexpectedly with an assertion
failure via a specially crafted DNS request. (CVE-2017-3145)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1534812 - CVE-2017-3145 bind: Improper fetch cleanup sequencing in the resolver can cause named to crash

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.9.4-51.el7_4.2.src.rpm

noarch:
bind-license-9.9.4-51.el7_4.2.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-9.9.4-51.el7_4.2.i686.rpm
bind-libs-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm
bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm
bind-utils-9.9.4-51.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.9.4-51.el7_4.2.x86_64.rpm
bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-devel-9.9.4-51.el7_4.2.i686.rpm
bind-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm
bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm
bind-pkcs11-libs-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-utils-9.9.4-51.el7_4.2.x86_64.rpm
bind-sdb-9.9.4-51.el7_4.2.x86_64.rpm
bind-sdb-chroot-9.9.4-51.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.9.4-51.el7_4.2.src.rpm

noarch:
bind-license-9.9.4-51.el7_4.2.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-9.9.4-51.el7_4.2.i686.rpm
bind-libs-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm
bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm
bind-utils-9.9.4-51.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.9.4-51.el7_4.2.x86_64.rpm
bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-devel-9.9.4-51.el7_4.2.i686.rpm
bind-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm
bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm

[RHSA-2018:0101-01] Important: bind security update

2018-01-22 Thread Security announcements for all Red Hat products and services.

=
   Red Hat Security Advisory

Synopsis:  Important: bind security update
Advisory ID:   RHSA-2018:0101-01
Product:   Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2018:0101
Issue date:2018-01-22
CVE Names: CVE-2017-3145 
=

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A use-after-free flaw leading to denial of service was found in the way
BIND internally handled cleanup operations on upstream recursion fetch
contexts. A remote attacker could potentially use this flaw to make named,
acting as a DNSSEC validating resolver, exit unexpectedly with an assertion
failure via a specially crafted DNS request. (CVE-2017-3145)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1534812 - CVE-2017-3145 bind: Improper fetch cleanup sequencing in the resolver can cause named to crash

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.5.src.rpm

i386:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bind-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.5.i686.rpm

x86_64:
bind-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.5.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bind-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.5.src.rpm

i386:
bind-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.i686.rpm

ppc64:
bind-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.ppc.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.ppc.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm