[RHSA-2018:0115-01] Important: java-1.6.0-sun security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-sun security update
Advisory ID:       RHSA-2018:0115-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0115
Issue date:        2018-01-22
CVE Names:         CVE-2018-2579 CVE-2018-2588 CVE-2018-2599
                   CVE-2018-2602 CVE-2018-2603 CVE-2018-2618
                   CVE-2018-2629 CVE-2018-2633 CVE-2018-2637
                   CVE-2018-2641 CVE-2018-2657 CVE-2018-2663
                   CVE-2018-2677 CVE-2018-2678
=====================================================================

1. Summary:

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat
Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 181.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page listed in the References section. (CVE-2018-2579,
CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618,
CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657,
CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1534263 - CVE-2018-2678 OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
1534288 - CVE-2018-2677 OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289)
1534296 - CVE-2018-2663 OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)
1534298 - CVE-2018-2579 OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)
1534299 - CVE-2018-2588 OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
1534525 - CVE-2018-2602 OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
1534543 - CVE-2018-2599 OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)
1534553 - CVE-2018-2603 OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
1534625 - CVE-2018-2629 OpenJDK: GSS context use-after-free (JGSS, 8186212)
1534762 - CVE-2018-2618 OpenJDK: insufficient strength of key agreement (JCE, 8185292)
1534766 - CVE-2018-2641 OpenJDK: GTK library loading use-after-free (AWT, 8185325)
1534970 - CVE-2018-2637 OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
1535036 - CVE-2018-2633 OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)
1535353 - CVE-2018-2657 Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)

6. Package List:

Oracle Java for Red Hat Enterprise Linux Desktop 6:

i386:
java-1.6.0-sun-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6.x86_64.rpm

Oracle Java for Red Hat Enterprise Linux
[RHSA-2018:0108-01] Important: libvirt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0108-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0108
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.7.src.rpm

x86_64:
libvirt-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.7.i686.rpm
libvirt-client-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.7.i686.rpm
libvirt-devel-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.7.src.rpm

i386:
libvirt-0.10.2-54.el6_7.7.i686.rpm
libvirt-client-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-devel-0.10.2-54.el6_7.7.i686.rpm
libvirt-python-0.10.2-54.el6_7.7.i686.rpm

ppc64:
libvirt-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-client-0.10.2-54.el6_7.7.ppc.rpm
libvirt-client-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.ppc.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-devel-0.10.2-54.el6_7.7.ppc.rpm
libvirt-devel-0.10.2-54.el6_7.7.ppc64.rpm
libvirt-python-0.10.2-54.el6_7.7.ppc64.rpm

s390x:
libvirt-0.10.2-54.el6_7.7.s390x.rpm
libvirt-client-0.10.2-54.el6_7.7.s390.rpm
libvirt-client-0.10.2-54.el6_7.7.s390x.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.s390.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.s390x.rpm
libvirt-devel-0.10.2-54.el6_7.7.s390.rpm
libvirt-devel-0.10.2-54.el6_7.7.s390x.rpm
libvirt-python-0.10.2-54.el6_7.7.s390x.rpm

x86_64:
libvirt-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.7.i686.rpm
libvirt-client-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.7.i686.rpm
libvirt-devel-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.7.x86_64.rpm

These packages are GPG signed by Red Hat
[RHSA-2018:0109-01] Important: libvirt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0109-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0109
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.7.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.7.i686.rpm
libvirt-client-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.7.i686.rpm
libvirt-devel-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.7.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.7.i686.rpm
libvirt-client-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.7.i686.rpm
libvirt-devel-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaZcBXXlSAg2UNWIIRAiTiAJ4qp7iVIoyw593w+/y9G/l7XNvIYACfVPSN
Fsar/gzSaIfPmmTCy4lLKXI=
=zkXO
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
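The Package List of each advisory is what an administrator checks a host against once the update has been applied, and "is this package at least at the advisory's level" is an RPM version comparison, not a string comparison (a release of 46.el6_6.10 would be newer than 46.el6_6.7). The following Python script is an added example, not part of the advisory and not Red Hat tooling: it parses the .rpm file names from an advisory Package List, parses default `rpm -qa` output (name-version-release.arch) for what is installed, reimplements rpm's segment-wise version ordering, and reports packages that are installed but still older than the advisory requires. The advisory lines are taken from the Server AUS (v. 6.6) list of RHSA-2018:0109 above; the installed-package lines are constructed sample input, and the `46.el6_6.6` release in them is hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Added example: compare installed packages against an RHSA Package List.
# Not Red Hat tooling; the rpm ordering rules are reimplemented below.


@dataclass(frozen=True)
class Nevra:
    name: str
    epoch: int
    version: str
    release: str
    arch: str


# name-[epoch:]version-release.arch, as in RHSA package lists (with ".rpm")
# and in default `rpm -qa` output (without it). Version and release never
# contain "-", so the last two dash-separated fields are unambiguous even
# for names that themselves contain dashes and digits (java-1.6.0-sun).
_NEVRA_RE = re.compile(
    r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<ver>[^-:]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$"
)
_SEGMENT_RE = re.compile(r"\d+|[A-Za-z]+|~")


def parse_nevra(text: str) -> Nevra:
    """Parse 'libvirt-client-0.10.2-46.el6_6.7.i686[.rpm]' into its fields."""
    text = text.strip()
    if text.endswith(".rpm"):
        text = text[: -len(".rpm")]
    m = _NEVRA_RE.match(text)
    if not m:
        raise ValueError(f"not a name-version-release.arch string: {text!r}")
    # An absent epoch counts as 0, which is how rpm treats it.
    return Nevra(m["name"], int(m["epoch"] or 0), m["ver"], m["rel"], m["arch"])


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings like rpm's rpmvercmp(): split into
    numeric and alphabetic segments ("." and "_" only delimit); numeric
    segments compare as integers (1.10 > 1.9), alphabetic ones lexically, a
    numeric segment beats an alphabetic one, a longer string beats its own
    prefix, and "~" sorts before anything, including end of string
    (1.0~rc1 < 1.0). The newer "^" operator is not implemented.
    Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT_RE.findall(a), _SEGMENT_RE.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            xi, yi = int(x), int(y)
            return (xi > yi) - (xi < yi)
        return (x > y) - (x < y)
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb)] if a_longer else sb[len(sa)]
    if rest == "~":  # "1.0~" is older than "1.0"
        return -1 if a_longer else 1
    return 1 if a_longer else -1


def compare_evr(x: Nevra, y: Nevra) -> int:
    """Epoch first, then version, then release, as rpm orders packages."""
    if x.epoch != y.epoch:
        return 1 if x.epoch > y.epoch else -1
    return rpmvercmp(x.version, y.version) or rpmvercmp(x.release, y.release)


def missing_updates(advisory_lines: Iterable[str], installed: Iterable[str]) -> List[Tuple[Nevra, Nevra]]:
    """(installed, required) pairs for packages that are present on the host but
    older than the advisory level. Source RPMs and packages that are not
    installed are skipped: an advisory applies only to what is on the host."""
    required = {}
    for line in advisory_lines:
        line = line.strip()
        if not line.endswith(".rpm"):
            continue  # section headers such as "Source:" or "x86_64:"
        pkg = parse_nevra(line)
        if pkg.arch != "src":
            required[(pkg.name, pkg.arch)] = pkg
    have = {(p.name, p.arch): p for p in map(parse_nevra, installed)}
    return [
        (have[key], req)
        for key, req in sorted(required.items())
        if key in have and compare_evr(have[key], req) < 0
    ]


# Package List for "Red Hat Enterprise Linux Server AUS (v. 6.6)" in RHSA-2018:0109.
ADVISORY_PACKAGE_LIST = """
Source:
libvirt-0.10.2-46.el6_6.7.src.rpm
x86_64:
libvirt-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.7.i686.rpm
libvirt-client-0.10.2-46.el6_6.7.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.7.x86_64.rpm
""".splitlines()

# Constructed sample of `rpm -qa 'libvirt*'` output: the "el6_6.6" release is
# hypothetical (one build behind the advisory); the i686 client is not installed.
INSTALLED = [
    "libvirt-0.10.2-46.el6_6.6.x86_64",
    "libvirt-client-0.10.2-46.el6_6.7.x86_64",
    "libvirt-python-0.10.2-46.el6_6.7.x86_64",
]

if __name__ == "__main__":
    for have, need in missing_updates(ADVISORY_PACKAGE_LIST, INSTALLED):
        print(f"{have.name}.{have.arch}: installed {have.version}-{have.release}, "
              f"advisory requires {need.version}-{need.release}")
```

On the constructed input only `libvirt.x86_64` is reported. A passing check confirms that the packages are on disk; per the Solution section, libvirtd is restarted automatically, but for the Java and qemu-kvm advisories the running instances and virtual machines still have to be restarted before the fix is in effect.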
[RHSA-2018:0104-01] Important: qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:0104-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0104
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.5.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.5.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.5.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaZcBsXlSAg2UNWIIRAmP4AJ4wG6X5icAlVNDgoq7MFtgmsa8LEQCeK7cD
MWIO7ShwBQRtEzuf4e9ruXg=
=JPyp
-----END PGP SIGNATURE-----
[RHSA-2018:0111-01] Important: libvirt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0111-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0111
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.16.src.rpm

x86_64:
libvirt-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-client-0.10.2-18.el6_4.16.i686.rpm
libvirt-client-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-debuginfo-0.10.2-18.el6_4.16.i686.rpm
libvirt-debuginfo-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-devel-0.10.2-18.el6_4.16.i686.rpm
libvirt-devel-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-python-0.10.2-18.el6_4.16.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.16.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-18.el6_4.16.x86_64.rpm
libvirt-lock-sanlock-0.10.2-18.el6_4.16.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaZb9mXlSAg2UNWIIRAqu4AJ9AlvFzs82A1piS1uHUtUs38B9TmgCeOnN0
brpH6GVjqc8cdiLjnih7agw=
=YTVf
-----END PGP SIGNATURE-----
[RHSA-2018:0103-01] Important: qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:0103-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0103
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaZb2HXlSAg2UNWIIRAkdDAJ9q04dz0G95UkoUZm44OhcWALc9WQCgnZhK
AcUggf1pHW8mbSAWI7RQtxE=
=ig0u
-----END PGP SIGNATURE-----
[RHSA-2018:0110-01] Important: libvirt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:0110-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0110
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.15.src.rpm

x86_64:
libvirt-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.15.i686.rpm
libvirt-client-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.15.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.15.i686.rpm
libvirt-devel-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.15.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.15.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.15.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaZb/eXlSAg2UNWIIRAjgLAKClQFQXINB37ziO/qBzuZhyM3nEYQCgiuwk
aiPyFFF2aSq6T9dVEWl9GK0=
=ovxr
-----END PGP SIGNATURE-----
[RHSA-2018:0105-01] Important: qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:0105-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0105
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm package provides the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a commonly
used performance optimization). There are three primary variants of the
issue which differ in the way the speculative execution can be exploited.
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch
target injection. It relies on the presence of a precisely-defined
instruction sequence in the privileged code as well as the fact that memory
accesses may cause allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually commit (retire). As
a result, an unprivileged attacker could use this flaw to cross the syscall
and guest/host boundaries and read privileged memory by conducting targeted
cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
qemu-kvm-0.12.1.2-2.415.el6_5.17.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.17.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.17.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaZb1KXlSAg2UNWIIRAngdAJ4xQ5GZb649xmMCbkSDhKEwDDxxTACghQiK
EY+Hx9Pe5K+7pvX2r5VUaCU=
=X7HZ
-----END PGP SIGNATURE-----
[RHSA-2018:0106-01] Important: qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:0106-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0106
Issue date:        2018-01-22
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
qemu-kvm-0.12.1.2-2.355.el6_4.10.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.10.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.10.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://access.redhat.com/security/cve/CVE-2017-5715

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaZbweXlSAg2UNWIIRAtENAJwJOSN0jRMkdpcbxSnzioj/7+MOsgCfcpzk
zveFdz08rgI0ZzK4hnZXFbM=
=sf2Z
-----END PGP SIGNATURE-----
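The solution sections above only say to install the update; a practitioner also wants to confirm a host actually carries the fixed builds from the package list. The following is an added example, not Red Hat tooling: it re-implements rpm's version-ordering rules (rpmvercmp, without the tilde and caret extensions) in pure Python and compares a constructed installed-package inventory against the RPM file names from RHSA-2018:0105. Epochs are ignored because the advisory file names do not carry them.

```python
import re
# Fixed builds copied from the RHSA-2018:0105 package list above.
ADVISORY_RPMS = [
    "qemu-guest-agent-0.12.1.2-2.415.el6_5.17.x86_64.rpm",
    "qemu-img-0.12.1.2-2.415.el6_5.17.x86_64.rpm",
    "qemu-kvm-0.12.1.2-2.415.el6_5.17.x86_64.rpm",
]
# Constructed sample inventory, shaped like `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`.
INSTALLED = [
    "qemu-kvm 0.12.1.2 2.415.el6_5.16",         # one release behind the fix
    "qemu-img 0.12.1.2 2.415.el6_5.17",         # exactly the fixed build
    "qemu-guest-agent 0.12.1.2 2.415.el6_5.9",  # 9 < 17 numerically, though "9" > "17" as text
]
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Order two version or release strings like rpm's rpmvercmp (no ~ or ^ handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xn, yn = x.isdigit(), y.isdigit()
        if xn and yn and int(x) != int(y):   # numeric segments compare as integers
            return 1 if int(x) > int(y) else -1
        if xn != yn:                          # a numeric segment is newer than an alpha one
            return 1 if xn else -1
        if x != y and not xn:                 # alpha segments compare lexically
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1     # whichever still has segments left wins

def parse_rpm_filename(filename):
    """'bind-9.9.4-51.el7_4.2.x86_64.rpm' -> ('bind', '9.9.4', '51.el7_4.2', 'x86_64')."""
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    stem, _, arch = stem.rpartition(".")
    stem, _, release = stem.rpartition("-")
    name, _, version = stem.rpartition("-")
    return name, version, release, arch

def outstanding(installed_lines, advisory_rpms):
    """Names of installed packages still older than the advisory's fixed build."""
    fixed = {n: (v, r) for n, v, r, _ in map(parse_rpm_filename, advisory_rpms)}
    behind = set()
    for line in installed_lines:
        name, version, release = line.split()
        if name in fixed:
            c = rpmvercmp(version, fixed[name][0]) or rpmvercmp(release, fixed[name][1])
            if c < 0:
                behind.add(name)
    return sorted(behind)
```

For the qemu-kvm advisories, a package that compares equal or newer is only half the story: the advisory also requires every running virtual machine to be shut down and started again before the update is effective.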
[RHSA-2018:0102-01] Important: bind security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2018:0102-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0102
Issue date:        2018-01-22
CVE Names:         CVE-2017-3145
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1534812 - CVE-2017-3145 bind: Improper fetch cleanup sequencing in the resolver can cause named to crash

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.9.4-51.el7_4.2.src.rpm

noarch:
bind-license-9.9.4-51.el7_4.2.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-9.9.4-51.el7_4.2.i686.rpm
bind-libs-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm
bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm
bind-utils-9.9.4-51.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.9.4-51.el7_4.2.x86_64.rpm
bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-devel-9.9.4-51.el7_4.2.i686.rpm
bind-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm
bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm
bind-pkcs11-libs-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-utils-9.9.4-51.el7_4.2.x86_64.rpm
bind-sdb-9.9.4-51.el7_4.2.x86_64.rpm
bind-sdb-chroot-9.9.4-51.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.9.4-51.el7_4.2.src.rpm

noarch:
bind-license-9.9.4-51.el7_4.2.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-9.9.4-51.el7_4.2.i686.rpm
bind-libs-9.9.4-51.el7_4.2.x86_64.rpm
bind-libs-lite-9.9.4-51.el7_4.2.i686.rpm
bind-libs-lite-9.9.4-51.el7_4.2.x86_64.rpm
bind-utils-9.9.4-51.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.9.4-51.el7_4.2.x86_64.rpm
bind-chroot-9.9.4-51.el7_4.2.x86_64.rpm
bind-debuginfo-9.9.4-51.el7_4.2.i686.rpm
bind-debuginfo-9.9.4-51.el7_4.2.x86_64.rpm
bind-devel-9.9.4-51.el7_4.2.i686.rpm
bind-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-lite-devel-9.9.4-51.el7_4.2.i686.rpm
bind-lite-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.i686.rpm
bind-pkcs11-devel-9.9.4-51.el7_4.2.x86_64.rpm
bind-pkcs11-libs-9.9.4-51.el7_4.2.i686.rpm
[RHSA-2018:0101-01] Important: bind security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2018:0101-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0101
Issue date:        2018-01-22
CVE Names:         CVE-2017-3145
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1534812 - CVE-2017-3145 bind: Improper fetch cleanup sequencing in the resolver can cause named to crash

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.5.src.rpm

i386:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bind-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.5.i686.rpm

x86_64:
bind-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.5.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bind-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-devel-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm
bind-sdb-9.8.2-0.62.rc1.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bind-9.8.2-0.62.rc1.el6_9.5.src.rpm

i386:
bind-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.i686.rpm
bind-utils-9.8.2-0.62.rc1.el6_9.5.i686.rpm

ppc64:
bind-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm
bind-chroot-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.ppc.rpm
bind-debuginfo-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.ppc.rpm
bind-libs-9.8.2-0.62.rc1.el6_9.5.ppc64.rpm