[RHSA-2018:3052-01] Moderate: wget security and bug fix update
Red Hat Security Advisory

Synopsis:          Moderate: wget security and bug fix update
Advisory ID:       RHSA-2018:3052-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3052
Issue date:        2018-10-30
CVE Names:         CVE-2018-0494
=====================================================================

1. Summary:

An update for wget is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

* wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1575634 - CVE-2018-0494 wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
wget-1.14-18.el7.src.rpm

x86_64:
wget-1.14-18.el7.x86_64.rpm
wget-debuginfo-1.14-18.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
wget-1.14-18.el7.src.rpm

x86_64:
wget-1.14-18.el7.x86_64.rpm
wget-debuginfo-1.14-18.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
wget-1.14-18.el7.src.rpm

ppc64:
wget-1.14-18.el7.ppc64.rpm
wget-debuginfo-1.14-18.el7.ppc64.rpm

ppc64le:
wget-1.14-18.el7.ppc64le.rpm
wget-debuginfo-1.14-18.el7.ppc64le.rpm

s390x:
wget-1.14-18.el7.s390x.rpm
wget-debuginfo-1.14-18.el7.s390x.rpm

x86_64:
wget-1.14-18.el7.x86_64.rpm
wget-debuginfo-1.14-18.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
wget-1.14-18.el7.src.rpm

aarch64:
wget-1.14-18.el7.aarch64.rpm
wget-debuginfo-1.14-18.el7.aarch64.rpm

ppc64le:
wget-1.14-18.el7.ppc64le.rpm
wget-debuginfo-1.14-18.el7.ppc64le.rpm

s390x:
wget-1.14-18.el7.s390x.rpm
wget-debuginfo-1.14-18.el7.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
wget-1.14-18.el7.src.rpm

x86_64:
wget-1.14-18.el7.x86_64.rpm
wget-debuginfo-1.14-18.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-0494
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-- 
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2018:3050-01] Moderate: gnutls security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis:          Moderate: gnutls security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3050-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3050
Issue date:        2018-10-30
CVE Names:         CVE-2018-10844 CVE-2018-10845 CVE-2018-10846
=====================================================================

1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481)

Security Fix(es):

* gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844)

* gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845)

* gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1375307 - Deleting softhsm PKCS#11 objects does not work with p11tool --(so-)login
1434091 - Session renegotiation fails with client certificates
1444792 - Provide ability to set the expected server name in gnutls-serv utility [rhel-7]
1460125 - p11tool: cannot import private keys into Atos HSM
1464896 - p11tool cannot generate DSA keys
1561481 - Rebase gnutls to upstream version 3.3.29
1582571 - CVE-2018-10844 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls
1582572 - CVE-2018-10845 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant
1582574 - CVE-2018-10846 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
gnutls-3.3.29-8.el7.src.rpm

x86_64:
gnutls-3.3.29-8.el7.i686.rpm
gnutls-3.3.29-8.el7.x86_64.rpm
gnutls-dane-3.3.29-8.el7.i686.rpm
gnutls-dane-3.3.29-8.el7.x86_64.rpm
gnutls-debuginfo-3.3.29-8.el7.i686.rpm
gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm
gnutls-utils-3.3.29-8.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gnutls-c++-3.3.29-8.el7.i686.rpm
gnutls-c++-3.3.29-8.el7.x86_64.rpm
gnutls-debuginfo-3.3.29-8.el7.i686.rpm
gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm
gnutls-devel-3.3.29-8.el7.i686.rpm
gnutls-devel-3.3.29-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
gnutls-3.3.29-8.el7.src.rpm

x86_64:
gnutls-3.3.29-8.el7.i686.rpm
gnutls-3.3.29-8.el7.x86_64.rpm
gnutls-dane-3.3.29-8.el7.i686.rpm
gnutls-dane-3.3.29-8.el7.x86_64.rpm
gnutls-debuginfo-3.3.29-8.el7.i686.rpm
gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm
gnutls-utils-3.3.29-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
gnutls-c++-3.3.29-8.el7.i686.rpm
gnutls-c++-3.3.29-8.el7.x86_64.rpm
gnutls-debuginfo-3.3.29-8.el7.i686.rpm
gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm
gnutls-devel-3.3.29-8.el7.i686.rpm
gnutls-devel-3.3.29-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gnutls-3.3.29-8.el7.src.rpm

ppc64:
gnutls-3.3.29-8.el7.ppc.rpm
gnutls-3.3.29-8.el7.ppc64.rpm
gnutls-c++-3.3.29-8.el7.ppc.rpm
gnutls-c++-3.3.29-8.el7.ppc64.rpm
gnutls-dane-3.3.29-8.el7.ppc.rpm
gnutls-dane-3.3.29-8.el7.ppc64.rpm
gnutls-debuginfo-3.3.29-8.el7.ppc.rpm
gnutls-debuginfo-3.3.29-8.el7.ppc64.rpm
gnutls-devel-3.3.29-8.el7.ppc.rpm
[RHSA-2018:3032-01] Low: binutils security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis:          Low: binutils security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3032-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3032
Issue date:        2018-10-30
CVE Names:         CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-13033
=====================================================================

1. Summary:

An update for binutils is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)

* binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)

* binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)

* binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)

* binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)

* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)

* binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)

* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)

* binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)

* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)

* binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1439351 - [LLNL 7.5 FEAT] RFE create an option to permanently link in audit library into an executable (binutils)
1546622 - CVE-2018-7208 binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file
1551771 - CVE-2018-7568 binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library
1551778 - CVE-2018-7569 binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library
1553115 - CVE-2018-7642 binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash
1553119 - CVE-2018-7643 binutils: Integer overflow in the display_debug_ranges function resulting in crash
1553842 - Unresolvable `R_X86_64_NONE` relocation
1557346 - collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped
1560827 - CVE-2018-8945 binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable
1573356 - CVE-2018-10372 binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file
1573365 - CVE-2018-10373 binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file
1573872 - ld should allow "lea foo@GOT, %ecx"
1574696 - CVE-2018-10534 binutils: out of bounds memory write in peXXigen.c files
1574697 -
[RHSA-2018:3397-01] Important: qemu-kvm security update
Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:3397-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3397
Issue date:        2018-10-30
CVE Names:         CVE-2018-3639
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
qemu-kvm-0.12.1.2-2.415.el6_5.19.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.19.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.19.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.19.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.19.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.19.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3399-01] Important: libvirt security update
Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:3399-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3399
Issue date:        2018-10-30
CVE Names:         CVE-2018-3639
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.18.src.rpm

x86_64:
libvirt-0.10.2-18.el6_4.18.x86_64.rpm
libvirt-client-0.10.2-18.el6_4.18.i686.rpm
libvirt-client-0.10.2-18.el6_4.18.x86_64.rpm
libvirt-debuginfo-0.10.2-18.el6_4.18.i686.rpm
libvirt-debuginfo-0.10.2-18.el6_4.18.x86_64.rpm
libvirt-devel-0.10.2-18.el6_4.18.i686.rpm
libvirt-devel-0.10.2-18.el6_4.18.x86_64.rpm
libvirt-python-0.10.2-18.el6_4.18.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.18.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-18.el6_4.18.x86_64.rpm
libvirt-lock-sanlock-0.10.2-18.el6_4.18.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3396-01] Important: libvirt security update
Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:3396-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3396
Issue date:        2018-10-30
CVE Names:         CVE-2018-3639
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.17.src.rpm

x86_64:
libvirt-0.10.2-29.el6_5.17.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.17.i686.rpm
libvirt-client-0.10.2-29.el6_5.17.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.17.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.17.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.17.i686.rpm
libvirt-devel-0.10.2-29.el6_5.17.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.17.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.17.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.17.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3398-01] Important: libvirt security update
Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:3398-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3398
Issue date:        2018-10-30
CVE Names:         CVE-2018-3639
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
libvirt-2.0.0-10.el7_3.13.src.rpm

x86_64:
libvirt-client-2.0.0-10.el7_3.13.i686.rpm
libvirt-client-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
libvirt-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-kvm-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-daemon-lxc-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-devel-2.0.0-10.el7_3.13.i686.rpm
libvirt-devel-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-docs-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-login-shell-2.0.0-10.el7_3.13.x86_64.rpm
libvirt-nss-2.0.0-10.el7_3.13.i686.rpm
libvirt-nss-2.0.0-10.el7_3.13.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
libvirt-2.0.0-10.el7_3.13.src.rpm

ppc64:
libvirt-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-client-2.0.0-10.el7_3.13.ppc.rpm
libvirt-client-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.13.ppc64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.13.ppc64.rpm
[RHSA-2018:3400-01] Important: libvirt security update
Red Hat Security Advisory

Synopsis:     Important: libvirt security update
Advisory ID:  RHSA-2018:3400-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3400
Issue date:   2018-10-30
CVE Names:    CVE-2018-3639

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.9.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.9.i686.rpm
libvirt-client-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.9.i686.rpm
libvirt-devel-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.9.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.9.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.9.i686.rpm
libvirt-client-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.9.i686.rpm
libvirt-devel-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.9.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3401-01] Important: qemu-kvm security update
Red Hat Security Advisory

Synopsis:     Important: qemu-kvm security update
Advisory ID:  RHSA-2018:3401-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3401
Issue date:   2018-10-30
CVE Names:    CVE-2018-3639

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
qemu-kvm-0.12.1.2-2.355.el6_4.12.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.12.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.12.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.12.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.12.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.12.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.12.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.12.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2018:3402-01] Important: libvirt security update
Red Hat Security Advisory

Synopsis:     Important: libvirt security update
Advisory ID:  RHSA-2018:3402-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3402
Issue date:   2018-10-30
CVE Names:    CVE-2018-3639

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.9.src.rpm

x86_64:
libvirt-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.9.i686.rpm
libvirt-client-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.9.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.9.i686.rpm
libvirt-devel-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.9.src.rpm

i386:
libvirt-0.10.2-54.el6_7.9.i686.rpm
libvirt-client-0.10.2-54.el6_7.9.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.i686.rpm
libvirt-devel-0.10.2-54.el6_7.9.i686.rpm
libvirt-python-0.10.2-54.el6_7.9.i686.rpm

ppc64:
libvirt-0.10.2-54.el6_7.9.ppc64.rpm
libvirt-client-0.10.2-54.el6_7.9.ppc.rpm
libvirt-client-0.10.2-54.el6_7.9.ppc64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.ppc.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.ppc64.rpm
libvirt-devel-0.10.2-54.el6_7.9.ppc.rpm
libvirt-devel-0.10.2-54.el6_7.9.ppc64.rpm
libvirt-python-0.10.2-54.el6_7.9.ppc64.rpm

s390x:
libvirt-0.10.2-54.el6_7.9.s390x.rpm
libvirt-client-0.10.2-54.el6_7.9.s390.rpm
libvirt-client-0.10.2-54.el6_7.9.s390x.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.s390.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.s390x.rpm
libvirt-devel-0.10.2-54.el6_7.9.s390.rpm
libvirt-devel-0.10.2-54.el6_7.9.s390x.rpm
libvirt-python-0.10.2-54.el6_7.9.s390x.rpm

x86_64:
libvirt-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.9.i686.rpm
libvirt-client-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.9.i686.rpm
libvirt-devel-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.9.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.9.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the
[RHSA-2018:3425-01] Important: qemu-kvm security update
Red Hat Security Advisory

Synopsis:     Important: qemu-kvm security update
Advisory ID:  RHSA-2018:3425-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3425
Issue date:   2018-10-30
CVE Names:    CVE-2018-3639

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.7.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.7.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.7.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3406-01] Critical: python-paramiko security update
Red Hat Security Advisory

Synopsis:     Critical: python-paramiko security update
Advisory ID:  RHSA-2018:3406-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3406
Issue date:   2018-10-30
CVE Names:    CVE-2018-1000805

1. Summary:

An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch
Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch
Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch
Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Enterprise Linux Server TUS (v. 6.6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

Security Fix(es):

* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1637263 - CVE-2018-1000805 python-paramiko: Authentication bypass in auth_handler.py

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
python-paramiko-1.7.5-5.el6_10.src.rpm

noarch:
python-paramiko-1.7.5-5.el6_10.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
python-paramiko-1.7.5-5.el6_10.src.rpm

noarch:
python-paramiko-1.7.5-5.el6_10.noarch.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
python-paramiko-1.7.5-4.el6_7.1.src.rpm

noarch:
python-paramiko-1.7.5-4.el6_7.1.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
python-paramiko-1.7.5-5.el6_10.src.rpm

noarch:
python-paramiko-1.7.5-5.el6_10.noarch.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
python-paramiko-1.7.5-4.el6_4.1.src.rpm

noarch:
python-paramiko-1.7.5-4.el6_4.1.noarch.rpm

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
python-paramiko-1.7.5-4.el6_5.1.src.rpm

noarch:
python-paramiko-1.7.5-4.el6_5.1.noarch.rpm

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
python-paramiko-1.7.5-4.el6_6.1.src.rpm

noarch:
python-paramiko-1.7.5-4.el6_6.1.noarch.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
python-paramiko-1.7.5-4.el6_6.1.src.rpm

noarch:
python-paramiko-1.7.5-4.el6_6.1.noarch.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
python-paramiko-1.7.5-4.el6_7.1.src.rpm

noarch:
python-paramiko-1.7.5-4.el6_7.1.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
python-paramiko-1.7.5-5.el6_10.src.rpm

noarch:
python-paramiko-1.7.5-5.el6_10.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000805
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3408-01] Important: git security update
Red Hat Security Advisory

Synopsis:     Important: git security update
Advisory ID:  RHSA-2018:3408-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3408
Issue date:   2018-10-30
CVE Names:    CVE-2018-17456

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: arbitrary code execution via .gitmodules (CVE-2018-17456)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1636619 - CVE-2018-17456 git: arbitrary code execution via .gitmodules

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
git-1.8.3.1-20.el7.src.rpm

noarch:
emacs-git-1.8.3.1-20.el7.noarch.rpm
emacs-git-el-1.8.3.1-20.el7.noarch.rpm
git-all-1.8.3.1-20.el7.noarch.rpm
git-bzr-1.8.3.1-20.el7.noarch.rpm
git-cvs-1.8.3.1-20.el7.noarch.rpm
git-email-1.8.3.1-20.el7.noarch.rpm
git-gui-1.8.3.1-20.el7.noarch.rpm
git-hg-1.8.3.1-20.el7.noarch.rpm
git-instaweb-1.8.3.1-20.el7.noarch.rpm
git-p4-1.8.3.1-20.el7.noarch.rpm
gitk-1.8.3.1-20.el7.noarch.rpm
gitweb-1.8.3.1-20.el7.noarch.rpm
perl-Git-1.8.3.1-20.el7.noarch.rpm
perl-Git-SVN-1.8.3.1-20.el7.noarch.rpm

x86_64:
git-1.8.3.1-20.el7.x86_64.rpm
git-daemon-1.8.3.1-20.el7.x86_64.rpm
git-debuginfo-1.8.3.1-20.el7.x86_64.rpm
git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm
git-svn-1.8.3.1-20.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
git-1.8.3.1-20.el7.src.rpm

noarch:
emacs-git-1.8.3.1-20.el7.noarch.rpm
emacs-git-el-1.8.3.1-20.el7.noarch.rpm
git-all-1.8.3.1-20.el7.noarch.rpm
git-bzr-1.8.3.1-20.el7.noarch.rpm
git-cvs-1.8.3.1-20.el7.noarch.rpm
git-email-1.8.3.1-20.el7.noarch.rpm
git-gui-1.8.3.1-20.el7.noarch.rpm
git-hg-1.8.3.1-20.el7.noarch.rpm
git-instaweb-1.8.3.1-20.el7.noarch.rpm
git-p4-1.8.3.1-20.el7.noarch.rpm
gitk-1.8.3.1-20.el7.noarch.rpm
gitweb-1.8.3.1-20.el7.noarch.rpm
perl-Git-1.8.3.1-20.el7.noarch.rpm
perl-Git-SVN-1.8.3.1-20.el7.noarch.rpm

x86_64:
git-1.8.3.1-20.el7.x86_64.rpm
git-daemon-1.8.3.1-20.el7.x86_64.rpm
git-debuginfo-1.8.3.1-20.el7.x86_64.rpm
git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm
git-svn-1.8.3.1-20.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
git-1.8.3.1-20.el7.src.rpm

noarch:
perl-Git-1.8.3.1-20.el7.noarch.rpm

ppc64:
git-1.8.3.1-20.el7.ppc64.rpm
git-debuginfo-1.8.3.1-20.el7.ppc64.rpm

ppc64le:
git-1.8.3.1-20.el7.ppc64le.rpm
git-debuginfo-1.8.3.1-20.el7.ppc64le.rpm

s390x:
git-1.8.3.1-20.el7.s390x.rpm
git-debuginfo-1.8.3.1-20.el7.s390x.rpm

x86_64:
git-1.8.3.1-20.el7.x86_64.rpm
git-debuginfo-1.8.3.1-20.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
git-1.8.3.1-20.el7.src.rpm

aarch64:
git-1.8.3.1-20.el7.aarch64.rpm
git-debuginfo-1.8.3.1-20.el7.aarch64.rpm

noarch:
perl-Git-1.8.3.1-20.el7.noarch.rpm

ppc64le:
git-1.8.3.1-20.el7.ppc64le.rpm
git-debuginfo-1.8.3.1-20.el7.ppc64le.rpm

s390x:
git-1.8.3.1-20.el7.s390x.rpm
[RHSA-2018:3410-01] Important: xorg-x11-server security update
Red Hat Security Advisory

Synopsis:     Important: xorg-x11-server security update
Advisory ID:  RHSA-2018:3410-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3410
Issue date:   2018-10-30
CVE Names:    CVE-2018-14665

1. Summary:

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Narendra Shinde for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1637761 - CVE-2018-14665 xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
xorg-x11-server-1.20.1-5.1.el7.src.rpm

x86_64:
xorg-x11-server-Xephyr-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-common-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
xorg-x11-server-source-1.20.1-5.1.el7.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xnest-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xvfb-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xwayland-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.i686.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-devel-1.20.1-5.1.el7.i686.rpm
xorg-x11-server-devel-1.20.1-5.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xorg-x11-server-1.20.1-5.1.el7.src.rpm

noarch:
xorg-x11-server-source-1.20.1-5.1.el7.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xephyr-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xnest-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xvfb-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xwayland-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-common-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.i686.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-devel-1.20.1-5.1.el7.i686.rpm
xorg-x11-server-devel-1.20.1-5.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
xorg-x11-server-1.20.1-5.1.el7.src.rpm

ppc64:
xorg-x11-server-Xephyr-1.20.1-5.1.el7.ppc64.rpm
xorg-x11-server-Xorg-1.20.1-5.1.el7.ppc64.rpm
xorg-x11-server-common-1.20.1-5.1.el7.ppc64.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.ppc64.rpm

ppc64le:
xorg-x11-server-Xephyr-1.20.1-5.1.el7.ppc64le.rpm
xorg-x11-server-Xorg-1.20.1-5.1.el7.ppc64le.rpm
xorg-x11-server-common-1.20.1-5.1.el7.ppc64le.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.ppc64le.rpm

s390x:
xorg-x11-server-Xephyr-1.20.1-5.1.el7.s390x.rpm
xorg-x11-server-common-1.20.1-5.1.el7.s390x.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.s390x.rpm

x86_64:
xorg-x11-server-Xephyr-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-common-1.20.1-5.1.el7.x86_64.rpm
xorg-x11-server-debuginfo-1.20.1-5.1.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
xorg-x11-server-1.20.1-5.1.el7.src.rpm
[RHSA-2018:3403-01] Important: thunderbird security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2018:3403-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3403
Issue date:        2018-10-30
CVE Names:         CVE-2017-16541 CVE-2018-12376 CVE-2018-12377
                   CVE-2018-12378 CVE-2018-12379 CVE-2018-12383
                   CVE-2018-12385
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.2.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376)
* Mozilla: Use-after-free in driver timers (CVE-2018-12377)
* Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)
* Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)
* Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)
* Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)
* Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)

Note: None of the above issues can be exploited in Thunderbird through a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, Nils, Zhanjia Song, Holger Fuhrmannek, Philipp, and Jurgen Gaeremyn as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1510816 - CVE-2017-16541 Mozilla: Proxy bypass using automount and autofs
1625525 - CVE-2018-12376 Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
1625526 - CVE-2018-12377 Mozilla: Use-after-free in driver timers
1625527 - CVE-2018-12378 Mozilla: Use-after-free in IndexedDB
1625528 - CVE-2018-12379 Mozilla: Out-of-bounds write with malicious MAR file
1625531 - CVE-2018-12383 Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
1632062 - CVE-2018-12385 Mozilla: Crash in TransportSecurityInfo due to cached data

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-60.2.1-5.el6.src.rpm

i386:
thunderbird-60.2.1-5.el6.i686.rpm
thunderbird-debuginfo-60.2.1-5.el6.i686.rpm

x86_64:
thunderbird-60.2.1-5.el6.x86_64.rpm
thunderbird-debuginfo-60.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-60.2.1-5.el6.src.rpm

i386:
thunderbird-60.2.1-5.el6.i686.rpm
thunderbird-debuginfo-60.2.1-5.el6.i686.rpm

ppc64:
thunderbird-60.2.1-5.el6.ppc64.rpm
thunderbird-debuginfo-60.2.1-5.el6.ppc64.rpm

s390x:
thunderbird-60.2.1-5.el6.s390x.rpm
thunderbird-debuginfo-60.2.1-5.el6.s390x.rpm

x86_64:
thunderbird-60.2.1-5.el6.x86_64.rpm
thunderbird-debuginfo-60.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-60.2.1-5.el6.src.rpm

i386:
thunderbird-60.2.1-5.el6.i686.rpm
thunderbird-debuginfo-60.2.1-5.el6.i686.rpm

x86_64:
thunderbird-60.2.1-5.el6.x86_64.rpm
thunderbird-debuginfo-60.2.1-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-16541
https://access.redhat.com/security/cve/CVE-2018-12376
https://access.redhat.com/security/cve/CVE-2018-12377
[RHSA-2018:3404-01] Low: Red Hat Enterprise Linux 7.3 Extended Update Support One-Month Notice
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 7.3 Extended Update Support One-Month Notice
Advisory ID:       RHSA-2018:3404-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3404
Issue date:        2018-10-30
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise Linux 7.3 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 7.3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.3 will be retired as of November 30, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.3 EUS after November 30, 2018. In addition, after this date, on-going technical support through Red Hat's Customer Experience and Engagement will be limited as described under "non-current minor releases" in the Knowledge Base article at https://access.redhat.com/articles/64664

We encourage customers to migrate from Red Hat Enterprise Linux 7.3 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Bugs fixed (https://bugzilla.redhat.com/):

1634111 - Send out Red Hat Enterprise Linux 7.3 Extended Update Support One-Month Notice

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
redhat-release-computenode-7.3-4.el7.2.src.rpm

x86_64:
redhat-release-computenode-7.3-4.el7.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
redhat-release-server-7.3-7.el7_3.3.src.rpm

ppc64:
redhat-release-server-7.3-7.el7_3.3.ppc64.rpm

ppc64le:
redhat-release-server-7.3-7.el7_3.3.ppc64le.rpm

s390x:
redhat-release-server-7.3-7.el7_3.3.s390x.rpm

x86_64:
redhat-release-server-7.3-7.el7_3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2018:3424-01] Important: qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:3424-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3424
Issue date:        2018-10-30
CVE Names:         CVE-2018-3639
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.8.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.8.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.8.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.8.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.8.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.8.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.8.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3423-01] Important: qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:3423-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3423
Issue date:        2018-10-30
CVE Names:         CVE-2018-3639
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that a memory read from an address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639 virt-ssbd AMD)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.18.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.18.i686.rpm
libcacard-1.5.3-105.el7_2.18.x86_64.rpm
qemu-img-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.18.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.18.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.18.i686.rpm
libcacard-1.5.3-105.el7_2.18.x86_64.rpm
qemu-img-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.18.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.18.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.18.i686.rpm
libcacard-1.5.3-105.el7_2.18.x86_64.rpm
qemu-img-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.18.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
libcacard-devel-1.5.3-105.el7_2.18.i686.rpm
libcacard-devel-1.5.3-105.el7_2.18.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

x86_64:
libcacard-devel-1.5.3-105.el7_2.18.i686.rpm
libcacard-devel-1.5.3-105.el7_2.18.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.18.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.18.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v.
[RHSA-2018:3107-01] Moderate: wpa_supplicant security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: wpa_supplicant security and bug fix update
Advisory ID:       RHSA-2018:3107-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3107
Issue date:        2018-10-30
CVE Names:         CVE-2018-14526
=====================================================================

1. Summary:

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1434434 - wpa_supplicant is responding to packets which are not destined for it.
1490885 - NetworkManager's mac randomization can lead into MSK mismatch with hostapd and 802.1x
1614520 - CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
wpa_supplicant-2.6-12.el7.src.rpm

x86_64:
wpa_supplicant-2.6-12.el7.x86_64.rpm
wpa_supplicant-debuginfo-2.6-12.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
wpa_supplicant-2.6-12.el7.src.rpm

x86_64:
wpa_supplicant-2.6-12.el7.x86_64.rpm
wpa_supplicant-debuginfo-2.6-12.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
wpa_supplicant-2.6-12.el7.src.rpm

ppc64:
wpa_supplicant-2.6-12.el7.ppc64.rpm
wpa_supplicant-debuginfo-2.6-12.el7.ppc64.rpm

ppc64le:
wpa_supplicant-2.6-12.el7.ppc64le.rpm
wpa_supplicant-debuginfo-2.6-12.el7.ppc64le.rpm

s390x:
wpa_supplicant-2.6-12.el7.s390x.rpm
wpa_supplicant-debuginfo-2.6-12.el7.s390x.rpm

x86_64:
wpa_supplicant-2.6-12.el7.x86_64.rpm
wpa_supplicant-debuginfo-2.6-12.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
wpa_supplicant-2.6-12.el7.src.rpm

aarch64:
wpa_supplicant-2.6-12.el7.aarch64.rpm
wpa_supplicant-debuginfo-2.6-12.el7.aarch64.rpm

ppc64le:
wpa_supplicant-2.6-12.el7.ppc64le.rpm
wpa_supplicant-debuginfo-2.6-12.el7.ppc64le.rpm

s390x:
wpa_supplicant-2.6-12.el7.s390x.rpm
wpa_supplicant-debuginfo-2.6-12.el7.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
wpa_supplicant-2.6-12.el7.src.rpm

x86_64:
wpa_supplicant-2.6-12.el7.x86_64.rpm
wpa_supplicant-debuginfo-2.6-12.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-14526
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3073-01] Moderate: zsh security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: zsh security and bug fix update
Advisory ID:       RHSA-2018:3073-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3073
Issue date:        2018-10-30
CVE Names:         CVE-2014-10071 CVE-2014-10072 CVE-2017-18205
                   CVE-2017-18206 CVE-2018-1071 CVE-2018-1083
                   CVE-2018-1100 CVE-2018-7549
=====================================================================

1. Summary:

An update for zsh is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083)
* zsh: buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)
* zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072)
* zsh: NULL dereference in cd in sh compatibility mode under given circumstances (CVE-2017-18205)
* zsh: buffer overrun in symlinks (CVE-2017-18206)
* zsh: Stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)
* zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100)
* zsh: crash on copying empty hash table (CVE-2018-7549)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1083, CVE-2018-1071, and CVE-2018-1100 issues were discovered by Richard Maciel Costa (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1549836 - CVE-2014-10072 zsh: buffer overflow when scanning very long directory paths for symbolic links
1549855 - CVE-2014-10071 zsh: buffer overflow for very long fds in >& fd syntax
1549858 - CVE-2018-7549 zsh: crash on copying empty hash table
1549861 - CVE-2017-18206 zsh: buffer overrun in symlinks
1549862 - CVE-2017-18205 zsh: NULL dereference in cd in sh compatibility mode under given circumstances
1553531 - CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd()
1557382 - CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
1563395 - CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
zsh-5.0.2-31.el7.src.rpm

x86_64:
zsh-5.0.2-31.el7.x86_64.rpm
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm
zsh-html-5.0.2-31.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
zsh-5.0.2-31.el7.src.rpm

x86_64:
zsh-5.0.2-31.el7.x86_64.rpm
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm
zsh-html-5.0.2-31.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
zsh-5.0.2-31.el7.src.rpm

ppc64:
zsh-5.0.2-31.el7.ppc64.rpm
zsh-debuginfo-5.0.2-31.el7.ppc64.rpm

ppc64le:
zsh-5.0.2-31.el7.ppc64le.rpm
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm

s390x:
zsh-5.0.2-31.el7.s390x.rpm
[RHSA-2018:3246-01] Low: libcdio security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: libcdio security update
Advisory ID:       RHSA-2018:3246-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3246
Issue date:        2018-10-30
CVE Names:         CVE-2017-18198 CVE-2017-18199 CVE-2017-18201
=====================================================================

1. Summary:

An update for libcdio is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices.

Security Fix(es):

* libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198)
* libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199)
* libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1549644 - CVE-2017-18198 libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c
1549701 - CVE-2017-18199 libcdio: NULL pointer dereference in realloc_symlink in rock.c
1549707 - CVE-2017-18201 libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libcdio-0.92-3.el7.src.rpm

x86_64:
libcdio-0.92-3.el7.i686.rpm
libcdio-0.92-3.el7.x86_64.rpm
libcdio-debuginfo-0.92-3.el7.i686.rpm
libcdio-debuginfo-0.92-3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libcdio-debuginfo-0.92-3.el7.i686.rpm
libcdio-debuginfo-0.92-3.el7.x86_64.rpm
libcdio-devel-0.92-3.el7.i686.rpm
libcdio-devel-0.92-3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
libcdio-0.92-3.el7.src.rpm

x86_64:
libcdio-0.92-3.el7.i686.rpm
libcdio-0.92-3.el7.x86_64.rpm
libcdio-debuginfo-0.92-3.el7.i686.rpm
libcdio-debuginfo-0.92-3.el7.x86_64.rpm
libcdio-devel-0.92-3.el7.i686.rpm
libcdio-devel-0.92-3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libcdio-0.92-3.el7.src.rpm

ppc64:
libcdio-0.92-3.el7.ppc.rpm
libcdio-0.92-3.el7.ppc64.rpm
libcdio-debuginfo-0.92-3.el7.ppc.rpm
libcdio-debuginfo-0.92-3.el7.ppc64.rpm

ppc64le:
libcdio-0.92-3.el7.ppc64le.rpm
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm

s390x:
libcdio-0.92-3.el7.s390.rpm
libcdio-0.92-3.el7.s390x.rpm
libcdio-debuginfo-0.92-3.el7.s390.rpm
libcdio-debuginfo-0.92-3.el7.s390x.rpm

x86_64:
libcdio-0.92-3.el7.i686.rpm
libcdio-0.92-3.el7.x86_64.rpm
libcdio-debuginfo-0.92-3.el7.i686.rpm
libcdio-debuginfo-0.92-3.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
libcdio-0.92-3.el7.src.rpm

aarch64:
libcdio-0.92-3.el7.aarch64.rpm
libcdio-debuginfo-0.92-3.el7.aarch64.rpm

ppc64le:
libcdio-0.92-3.el7.ppc64le.rpm
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm

s390x:
libcdio-0.92-3.el7.s390.rpm
libcdio-0.92-3.el7.s390x.rpm
libcdio-debuginfo-0.92-3.el7.s390.rpm
libcdio-debuginfo-0.92-3.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
libcdio-debuginfo-0.92-3.el7.aarch64.rpm
libcdio-devel-0.92-3.el7.aarch64.rpm

ppc64le:
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm
libcdio-devel-0.92-3.el7.ppc64le.rpm

s390x:
libcdio-debuginfo-0.92-3.el7.s390.rpm
libcdio-debuginfo-0.92-3.el7.s390x.rpm
[RHSA-2018:3221-01] Moderate: openssl security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Red Hat Security Advisory

Synopsis: Moderate: openssl security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3221-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3221
Issue date: 2018-10-30
CVE Names: CVE-2017-3735 CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)
* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)
* openssl: Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1486144 - CVE-2017-3735 openssl: Malformed X.509 IPAddressFamily could cause OOB read
1548401 - modify X509_NAME comparison function to be case sensitive for CA name lists in SSL
1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys
1585004 - ppc64le opensslconf.h is incompatible with swig
1591100 - CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
1591163 - CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries
1603597 - Confusing error message when asking for invalid DSA parameter sizes in FIPS mode

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-16.el7.src.rpm
x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-16.el7.src.rpm
x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
[RHSA-2018:3327-01] Low: libmspack security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Red Hat Security Advisory

Synopsis: Low: libmspack security update
Advisory ID: RHSA-2018:3327-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3327
Issue date: 2018-10-30
CVE Names: CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682

1. Summary:

An update for libmspack is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le

3. Description:

The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.

Security Fix(es):

* libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679)
* libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680)
* libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681)
* libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1610890 - CVE-2018-14679 libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks
1610896 - CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
1610934 - CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks
1610941 - CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: libmspack-0.5-0.6.alpha.el7.src.rpm
x86_64: libmspack-0.5-0.6.alpha.el7.i686.rpm libmspack-0.5-0.6.alpha.el7.x86_64.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.i686.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libmspack-debuginfo-0.5-0.6.alpha.el7.i686.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.x86_64.rpm libmspack-devel-0.5-0.6.alpha.el7.i686.rpm libmspack-devel-0.5-0.6.alpha.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libmspack-0.5-0.6.alpha.el7.src.rpm
x86_64: libmspack-0.5-0.6.alpha.el7.i686.rpm libmspack-0.5-0.6.alpha.el7.x86_64.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.i686.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libmspack-debuginfo-0.5-0.6.alpha.el7.i686.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.x86_64.rpm libmspack-devel-0.5-0.6.alpha.el7.i686.rpm libmspack-devel-0.5-0.6.alpha.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: libmspack-0.5-0.6.alpha.el7.src.rpm
x86_64: libmspack-0.5-0.6.alpha.el7.i686.rpm libmspack-0.5-0.6.alpha.el7.x86_64.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.i686.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
Source: libmspack-0.5-0.6.alpha.el7.src.rpm
aarch64: libmspack-0.5-0.6.alpha.el7.aarch64.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.aarch64.rpm libmspack-devel-0.5-0.6.alpha.el7.aarch64.rpm
ppc64le: libmspack-0.5-0.6.alpha.el7.ppc64le.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.ppc64le.rpm libmspack-devel-0.5-0.6.alpha.el7.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
Source: libmspack-0.5-0.6.alpha.el7.src.rpm
ppc64le: libmspack-0.5-0.6.alpha.el7.ppc64le.rpm libmspack-debuginfo-0.5-0.6.alpha.el7.ppc64le.rpm libmspack-devel-0.5-0.6.alpha.el7.ppc64le.rpm
x86_64:
[RHSA-2018:3253-01] Low: jasper security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Red Hat Security Advisory

Synopsis: Low: jasper security update
Advisory ID: RHSA-2018:3253-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3253
Issue date: 2018-10-30
CVE Names: CVE-2016-9396 CVE-2017-150

1. Summary:

An update for jasper is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

* jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)
* jasper: NULL pointer exception in jp2_encode() (CVE-2017-150)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1396978 - CVE-2016-9396 jasper: reachable assertion in JPC_NOMINALGAIN()
1472888 - CVE-2017-150 jasper: NULL pointer exception in jp2_encode()

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: jasper-1.900.1-33.el7.src.rpm
x86_64: jasper-debuginfo-1.900.1-33.el7.i686.rpm jasper-debuginfo-1.900.1-33.el7.x86_64.rpm jasper-libs-1.900.1-33.el7.i686.rpm jasper-libs-1.900.1-33.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: jasper-1.900.1-33.el7.x86_64.rpm jasper-debuginfo-1.900.1-33.el7.i686.rpm jasper-debuginfo-1.900.1-33.el7.x86_64.rpm jasper-devel-1.900.1-33.el7.i686.rpm jasper-devel-1.900.1-33.el7.x86_64.rpm jasper-utils-1.900.1-33.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: jasper-1.900.1-33.el7.src.rpm
x86_64: jasper-debuginfo-1.900.1-33.el7.i686.rpm jasper-debuginfo-1.900.1-33.el7.x86_64.rpm jasper-libs-1.900.1-33.el7.i686.rpm jasper-libs-1.900.1-33.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: jasper-1.900.1-33.el7.x86_64.rpm jasper-debuginfo-1.900.1-33.el7.i686.rpm jasper-debuginfo-1.900.1-33.el7.x86_64.rpm jasper-devel-1.900.1-33.el7.i686.rpm jasper-devel-1.900.1-33.el7.x86_64.rpm jasper-utils-1.900.1-33.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: jasper-1.900.1-33.el7.src.rpm
ppc64: jasper-debuginfo-1.900.1-33.el7.ppc.rpm jasper-debuginfo-1.900.1-33.el7.ppc64.rpm jasper-libs-1.900.1-33.el7.ppc.rpm jasper-libs-1.900.1-33.el7.ppc64.rpm
ppc64le: jasper-debuginfo-1.900.1-33.el7.ppc64le.rpm jasper-libs-1.900.1-33.el7.ppc64le.rpm
s390x: jasper-debuginfo-1.900.1-33.el7.s390.rpm jasper-debuginfo-1.900.1-33.el7.s390x.rpm jasper-libs-1.900.1-33.el7.s390.rpm jasper-libs-1.900.1-33.el7.s390x.rpm
x86_64: jasper-debuginfo-1.900.1-33.el7.i686.rpm jasper-debuginfo-1.900.1-33.el7.x86_64.rpm jasper-libs-1.900.1-33.el7.i686.rpm jasper-libs-1.900.1-33.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: jasper-1.900.1-33.el7.src.rpm
aarch64: jasper-debuginfo-1.900.1-33.el7.aarch64.rpm jasper-libs-1.900.1-33.el7.aarch64.rpm
ppc64le: jasper-debuginfo-1.900.1-33.el7.ppc64le.rpm jasper-libs-1.900.1-33.el7.ppc64le.rpm
s390x: jasper-debuginfo-1.900.1-33.el7.s390.rpm jasper-debuginfo-1.900.1-33.el7.s390x.rpm jasper-libs-1.900.1-33.el7.s390.rpm jasper-libs-1.900.1-33.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: jasper-1.900.1-33.el7.aarch64.rpm jasper-debuginfo-1.900.1-33.el7.aarch64.rpm jasper-devel-1.900.1-33.el7.aarch64.rpm
[RHSA-2018:3335-01] Moderate: xerces-c security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Red Hat Security Advisory

Synopsis: Moderate: xerces-c security update
Advisory ID: RHSA-2018:3335-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3335
Issue date: 2018-10-30
CVE Names: CVE-2016-4463

1. Summary:

An update for xerces-c is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

* xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1348845 - CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):
Source: xerces-c-3.1.1-9.el7.src.rpm
noarch: xerces-c-doc-3.1.1-9.el7.noarch.rpm
x86_64: xerces-c-3.1.1-9.el7.i686.rpm xerces-c-3.1.1-9.el7.x86_64.rpm xerces-c-debuginfo-3.1.1-9.el7.i686.rpm xerces-c-debuginfo-3.1.1-9.el7.x86_64.rpm xerces-c-devel-3.1.1-9.el7.i686.rpm xerces-c-devel-3.1.1-9.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: xerces-c-3.1.1-9.el7.src.rpm
noarch: xerces-c-doc-3.1.1-9.el7.noarch.rpm
x86_64: xerces-c-3.1.1-9.el7.x86_64.rpm xerces-c-debuginfo-3.1.1-9.el7.i686.rpm xerces-c-debuginfo-3.1.1-9.el7.x86_64.rpm xerces-c-devel-3.1.1-9.el7.i686.rpm xerces-c-devel-3.1.1-9.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: xerces-c-3.1.1-9.el7.src.rpm
ppc64: xerces-c-3.1.1-9.el7.ppc.rpm xerces-c-3.1.1-9.el7.ppc64.rpm xerces-c-debuginfo-3.1.1-9.el7.ppc.rpm xerces-c-debuginfo-3.1.1-9.el7.ppc64.rpm
ppc64le: xerces-c-3.1.1-9.el7.ppc64le.rpm xerces-c-debuginfo-3.1.1-9.el7.ppc64le.rpm
s390x: xerces-c-3.1.1-9.el7.s390.rpm xerces-c-3.1.1-9.el7.s390x.rpm xerces-c-debuginfo-3.1.1-9.el7.s390.rpm xerces-c-debuginfo-3.1.1-9.el7.s390x.rpm
x86_64: xerces-c-3.1.1-9.el7.i686.rpm xerces-c-3.1.1-9.el7.x86_64.rpm xerces-c-debuginfo-3.1.1-9.el7.i686.rpm xerces-c-debuginfo-3.1.1-9.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: xerces-c-3.1.1-9.el7.src.rpm
aarch64: xerces-c-3.1.1-9.el7.aarch64.rpm xerces-c-debuginfo-3.1.1-9.el7.aarch64.rpm
ppc64le: xerces-c-3.1.1-9.el7.ppc64le.rpm xerces-c-debuginfo-3.1.1-9.el7.ppc64le.rpm
s390x: xerces-c-3.1.1-9.el7.s390.rpm xerces-c-3.1.1-9.el7.s390x.rpm xerces-c-debuginfo-3.1.1-9.el7.s390.rpm xerces-c-debuginfo-3.1.1-9.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: xerces-c-debuginfo-3.1.1-9.el7.aarch64.rpm xerces-c-devel-3.1.1-9.el7.aarch64.rpm
noarch: xerces-c-doc-3.1.1-9.el7.noarch.rpm
ppc64le: xerces-c-debuginfo-3.1.1-9.el7.ppc64le.rpm xerces-c-devel-3.1.1-9.el7.ppc64le.rpm
s390x: xerces-c-debuginfo-3.1.1-9.el7.s390.rpm xerces-c-debuginfo-3.1.1-9.el7.s390x.rpm xerces-c-devel-3.1.1-9.el7.s390.rpm xerces-c-devel-3.1.1-9.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
noarch: xerces-c-doc-3.1.1-9.el7.noarch.rpm
ppc64: xerces-c-debuginfo-3.1.1-9.el7.ppc.rpm xerces-c-debuginfo-3.1.1-9.el7.ppc64.rpm xerces-c-devel-3.1.1-9.el7.ppc.rpm
[RHSA-2018:3096-01] Important: kernel-rt security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Red Hat Security Advisory

Synopsis: Important: kernel-rt security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3096-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3096
Issue date: 2018-10-30
CVE Names: CVE-2015-8830 CVE-2016-4913 CVE-2017-0861 CVE-2017-10661 CVE-2017-17805 CVE-2017-18208 CVE-2017-18232 CVE-2017-18344 CVE-2018-1092 CVE-2018-1094 CVE-2018-1118 CVE-2018-1120 CVE-2018-1130 CVE-2018-5344 CVE-2018-5391 CVE-2018-5803 CVE-2018-5848 CVE-2018-7740 CVE-2018-7757 CVE-2018-8781 CVE-2018-10322 CVE-2018-10878 CVE-2018-10879 CVE-2018-10881 CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 CVE-2018-13405 CVE-2018-126

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger a time- and calculation-expensive fragment reassembly algorithm by sending specially crafted packets, which could lead to CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)
* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)
* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)
* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)
* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)
* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)
* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-126)
* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)
* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)
* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
* kernel: out-of-bound access in
[RHSA-2018:3083-01] Important: kernel security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3083-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3083
Issue date: 2018-10-30
CVE Names: CVE-2015-8830 CVE-2016-4913 CVE-2017-0861 CVE-2017-10661 CVE-2017-17805 CVE-2017-18208 CVE-2017-18232 CVE-2017-18344 CVE-2018-1092 CVE-2018-1094 CVE-2018-1118 CVE-2018-1120 CVE-2018-1130 CVE-2018-5344 CVE-2018-5391 CVE-2018-5803 CVE-2018-5848 CVE-2018-7740 CVE-2018-7757 CVE-2018-8781 CVE-2018-10322 CVE-2018-10878 CVE-2018-10879 CVE-2018-10881 CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 CVE-2018-13405 CVE-2018-126

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - ppc64le

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger a time- and calculation-expensive fragment reassembly algorithm by sending specially crafted packets, which could lead to CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)
* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)
* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)
* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)
* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)
* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)
* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-126)
* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
[RHSA-2018:3056-01] Moderate: samba security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Red Hat Security Advisory

Synopsis: Moderate: samba security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3056-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3056
Issue date: 2018-10-30
CVE Names: CVE-2018-1050 CVE-2018-1139 CVE-2018-10858

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.8.3). (BZ#1558560)

Security Fix(es):

* samba: Weak authentication protocol regression (CVE-2018-1139)
* samba: Insufficient input validation in libsmbclient (CVE-2018-10858)
* samba: NULL pointer dereference in printer server process (CVE-2018-1050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Samba project for reporting CVE-2018-1050. The CVE-2018-1139 issue was discovered by Vivek Das (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1525511 - Fix idmap_rid dependency on trusted domain list
1532618 - Kept getting "smbd[process-id]: PANIC (pid ): internal error"
1538771 - CVE-2018-1050 samba: NULL pointer dereference in printer server process
1540457 - User login issue from one-way trusted domains has not been fixed
1558560 - Rebase samba in RHEL-7.6 to Samba 4.8.3
1558943 - winbind use 100%cpu and disfunctional
1570020 - coredump with dfsgetinfo
1575205 - net ads join crashing during DoDNSUpdate
1581016 - smbclient echos 'Try "help" to get a list of possible commands.' to tty
1582541 - Windows 10 can only authenticate against smbd's local SAM with NTLMv1
1589651 - CVE-2018-1139 samba: Weak authentication protocol regression
1612805 - CVE-2018-10858 samba: Insufficient input validation in libsmbclient
1614132 - smbd crashes with "assert failed: dirp->fsp->dptr->dir_hnd == dirp"

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: samba-4.8.3-4.el7.src.rpm
noarch: samba-common-4.8.3-4.el7.noarch.rpm
x86_64: libsmbclient-4.8.3-4.el7.i686.rpm libsmbclient-4.8.3-4.el7.x86_64.rpm libwbclient-4.8.3-4.el7.i686.rpm libwbclient-4.8.3-4.el7.x86_64.rpm samba-client-4.8.3-4.el7.x86_64.rpm samba-client-libs-4.8.3-4.el7.i686.rpm samba-client-libs-4.8.3-4.el7.x86_64.rpm samba-common-libs-4.8.3-4.el7.x86_64.rpm samba-common-tools-4.8.3-4.el7.x86_64.rpm samba-debuginfo-4.8.3-4.el7.i686.rpm samba-debuginfo-4.8.3-4.el7.x86_64.rpm samba-krb5-printing-4.8.3-4.el7.x86_64.rpm samba-libs-4.8.3-4.el7.i686.rpm samba-libs-4.8.3-4.el7.x86_64.rpm samba-winbind-4.8.3-4.el7.x86_64.rpm samba-winbind-clients-4.8.3-4.el7.x86_64.rpm samba-winbind-modules-4.8.3-4.el7.i686.rpm samba-winbind-modules-4.8.3-4.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
noarch: samba-pidl-4.8.3-4.el7.noarch.rpm
x86_64: libsmbclient-devel-4.8.3-4.el7.i686.rpm
[RHSA-2018:3090-01] Moderate: ovmf security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Moderate: ovmf security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3090-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3090
Issue date: 2018-10-30
Cross references: CVE-2018-0739
CVE Names: CVE-2018-0739

1. Summary:

An update for ovmf is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch

3. Description:

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

The following packages have been upgraded to a later upstream version: ovmf (20180508). (BZ#1559542)

Security Fix(es):

* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1561128 - OVMF Secure boot enablement (enrollment of default keys)
1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
1577546 - no input consoles connected under certain circumstances
1579518 - EFI_RNG_PROTOCOL no longer produced for virtio-rng
1607792 - add 'Provides: bundled(openssl) = 1.1.0h' to the spec file

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source: ovmf-20180508-3.gitee3198e672e2.el7.src.rpm
noarch: OVMF-20180508-3.gitee3198e672e2.el7.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

Source: ovmf-20180508-3.gitee3198e672e2.el7.src.rpm
noarch: AAVMF-20180508-3.gitee3198e672e2.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-0739
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-- 
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2018:3065-01] Moderate: libkdcraw security update
Red Hat Security Advisory

Synopsis: Moderate: libkdcraw security update
Advisory ID: RHSA-2018:3065-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3065
Issue date: 2018-10-30
CVE Names: CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5805 CVE-2018-5806

1. Summary:

An update for libkdcraw is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le

3. Description:

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files.

Security Fix(es):

* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)
* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)
* LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)
* LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)
* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1553332 - CVE-2018-5800 LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp
1553334 - CVE-2018-5801 LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp
1553335 - CVE-2018-5802 LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp
1591887 - CVE-2018-5805 LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp
1591897 - CVE-2018-5806 LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: libkdcraw-4.10.5-5.el7.src.rpm
x86_64: libkdcraw-4.10.5-5.el7.i686.rpm libkdcraw-4.10.5-5.el7.x86_64.rpm libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm libkdcraw-devel-4.10.5-5.el7.i686.rpm libkdcraw-devel-4.10.5-5.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: libkdcraw-4.10.5-5.el7.src.rpm
ppc64le: libkdcraw-4.10.5-5.el7.ppc64le.rpm libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm
x86_64: libkdcraw-4.10.5-5.el7.i686.rpm libkdcraw-4.10.5-5.el7.x86_64.rpm libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm libkdcraw-devel-4.10.5-5.el7.i686.rpm libkdcraw-devel-4.10.5-5.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: libkdcraw-4.10.5-5.el7.src.rpm
aarch64: libkdcraw-4.10.5-5.el7.aarch64.rpm libkdcraw-debuginfo-4.10.5-5.el7.aarch64.rpm libkdcraw-devel-4.10.5-5.el7.aarch64.rpm
ppc64le: libkdcraw-4.10.5-5.el7.ppc64le.rpm libkdcraw-debuginfo-4.10.5-5.el7.ppc64le.rpm libkdcraw-devel-4.10.5-5.el7.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libkdcraw-4.10.5-5.el7.src.rpm
x86_64: libkdcraw-4.10.5-5.el7.i686.rpm libkdcraw-4.10.5-5.el7.x86_64.rpm libkdcraw-debuginfo-4.10.5-5.el7.i686.rpm libkdcraw-debuginfo-4.10.5-5.el7.x86_64.rpm libkdcraw-devel-4.10.5-5.el7.i686.rpm libkdcraw-devel-4.10.5-5.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5800
[RHSA-2018:3158-01] Low: sssd security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Low: sssd security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3158-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3158
Issue date: 2018-10-30
CVE Names: CVE-2018-10852

1. Summary:

An update for sssd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The following packages have been upgraded to a later upstream version: sssd (1.16.2). (BZ#1558498)

Security Fix(es):

* sssd: information leak from the sssd-sudo responder (CVE-2018-10852)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Jakub Hrozek (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1385665 - Incorrect error code returned from krb5_child (updated)
1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet
1459348 - extend sss-certmap man page regarding priority processing
1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed
1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed
1522928 - sssd doesn't allow user with expired password to login when PasswordgraceLimit set
1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir
1537272 - SSH public key authentication keeps working after keys are removed from ID view
1537279 - Certificate is not removed from cache when it's removed from the override
1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 55612688c2a0 sp 7ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]
1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used
1558498 - Rebase sssd to the latests upstream release of the 1.16 branch
1562025 - externalUser sudo attribute must be fully-qualified
1565774 - After updating to RHEL 7.5 failing to clear the sssd cache
1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash
1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.
1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily
1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION
1583251 - home dir disappear in sssd cache on the IPA master for AD users
1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries
1588810 - CVE-2018-10852 sssd: information leak from the sssd-sudo responder
1600822 - SSSD bails out saving desktop
[RHSA-2018:3127-01] Moderate: 389-ds-base security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Moderate: 389-ds-base security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3127-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3127
Issue date: 2018-10-30
CVE Names: CVE-2018-14648

1. Summary:

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a later upstream version: 389-ds-base (1.3.8.4). (BZ#1560653)

Security Fix(es):

* 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1515190 - "Truncated search results" pop-up appears in user details in WebUI
1525256 - Invalid SNMP MIB for 389 DS
1541098 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line
1544477 - IPA server is not responding, all authentication and admin tests failed
1551063 - replica_write_ruv log a failure even when it succeeds
1551065 - ds-replcheck LDIF comparision fails when checking for conflicts
1551071 - memberof fails if group is moved into scope
1552698 - replicated operations should be serialized.
1556803 - ds-replcheck command returns traceback errors against empty ldif files when run in offline mode
1556863 - ds-replcheck command for "LDAP with StartTLS" using -Z option should be more robust
1559945 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received
1560653 - Rebase 389-ds-base in RHEL 7.6 to 1.3.8
1566444 - crash in connection table / nunc-stans ?
1567042 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired
1568462 - disk monitoring setting the wrong default error log level
1570033 - Errors log full of " WARN - keys2idl - recieved NULL idl from index_read_ext_allids, treating as empty set" messages
1570649 - pwdhash segfaults when CRYPT storage scheme is used
1574602 - Replication stops working when MemberOf plugin is enabled on hub and consumer
1576485 - Upgrade script doesn't enable PBKDF password storage plug-in
1581737 - passthrough plugin configured to do starttls does not work.
1582092 - passwordMustChange attribute is not honored by a RO consumer if "Chain on Update" is implemented on the RO consumer
1582747 - DS only accepts RSA and Fortezza cipher families
1593807 - Fine grained password policy can impact search performance
1596467 - IPA upgrade fails for latest ipa package
1597384 - Async operations can hang when the server is running nunc-stans
1597518 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode
1598186 - A search with the scope "one" returns a non-matching entry.
1598478 - If a replica is created with a bindDNGroup, this group is taken into account only after bindDNGroupCheckInterval seconds
1598718 - import fails if backend name is "default"
1602425 - ipa user commands
[RHSA-2018:3062-01] Low: qemu-kvm-ma security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Low: qemu-kvm-ma security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3062-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3062
Issue date: 2018-10-30
CVE Names: CVE-2017-15124

1. Summary:

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

The following packages have been upgraded to a later upstream version: qemu-kvm-ma (2.12.0). (BZ#1562219)

Security Fix(es):

* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Daniel Berrange (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1525195 - CVE-2017-15124 Qemu: memory exhaustion through framebuffer update request message in VNC server
1549079 - Migrate during reboot occasionally hangs in firmware with virtio-scsi:setup:inquiry...
1553775 - incorrect locking (possible use-after-free) with bug 1481593 fix
1554650 - [Regression] Cannot delete VM's snapshot
1572554 - [7.4-Alt] Unable to execute QEMU command 'dump-guest-memory': dump: failed to save memory
1595715 - Add ppa15/bpb to the default cpu model for z196 and higher in the 7.6 s390-ccw-virtio machine

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source: qemu-kvm-ma-2.12.0-18.el7.src.rpm
ppc64: qemu-img-ma-2.12.0-18.el7.ppc64.rpm qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64.rpm
ppc64le: qemu-img-ma-2.12.0-18.el7.ppc64le.rpm qemu-kvm-common-ma-2.12.0-18.el7.ppc64le.rpm qemu-kvm-ma-2.12.0-18.el7.ppc64le.rpm qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64le.rpm qemu-kvm-tools-ma-2.12.0-18.el7.ppc64le.rpm
s390x: qemu-img-ma-2.12.0-18.el7.s390x.rpm qemu-kvm-common-ma-2.12.0-18.el7.s390x.rpm qemu-kvm-ma-2.12.0-18.el7.s390x.rpm qemu-kvm-ma-debuginfo-2.12.0-18.el7.s390x.rpm qemu-kvm-tools-ma-2.12.0-18.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: qemu-kvm-ma-2.12.0-18.el7.src.rpm
ppc64le: qemu-img-ma-2.12.0-18.el7.ppc64le.rpm qemu-kvm-common-ma-2.12.0-18.el7.ppc64le.rpm qemu-kvm-ma-2.12.0-18.el7.ppc64le.rpm qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64le.rpm qemu-kvm-tools-ma-2.12.0-18.el7.ppc64le.rpm
s390x: qemu-img-ma-2.12.0-18.el7.s390x.rpm qemu-kvm-common-ma-2.12.0-18.el7.s390x.rpm qemu-kvm-ma-2.12.0-18.el7.s390x.rpm qemu-kvm-ma-debuginfo-2.12.0-18.el7.s390x.rpm qemu-kvm-tools-ma-2.12.0-18.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

Source: qemu-kvm-ma-2.12.0-18.el7.src.rpm
aarch64: qemu-img-ma-2.12.0-18.el7.aarch64.rpm qemu-kvm-common-ma-2.12.0-18.el7.aarch64.rpm qemu-kvm-ma-2.12.0-18.el7.aarch64.rpm qemu-kvm-ma-debuginfo-2.12.0-18.el7.aarch64.rpm qemu-kvm-tools-ma-2.12.0-18.el7.aarch64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: qemu-kvm-common-ma-2.12.0-18.el7.ppc64.rpm qemu-kvm-ma-2.12.0-18.el7.ppc64.rpm qemu-kvm-ma-debuginfo-2.12.0-18.el7.ppc64.rpm qemu-kvm-tools-ma-2.12.0-18.el7.ppc64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-15124
https://access.redhat.com/security/updates/classification/#low
[RHSA-2018:3071-01] Low: krb5 security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Low: krb5 security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3071-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3071
Issue date: 2018-10-30
CVE Names: CVE-2018-5729 CVE-2018-5730

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729)
* krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1373909 - Running systemctl stop kadmin.service causes the status to be failed instead of inactive
1497301 - [RFE] Add German translation (de_DE.UTF-8)
1525232 - Fix network service dependencies
1538491 - certid option of PKINIT plugin does not handle leading zeros
1539824 - Order of processing for files in included directories is undefined
1540130 - [RFE] make preauth types more descriptive in krb5 trace
1551082 - CVE-2018-5730 krb5: DN container check bypass by supplying special crafted data
1551083 - CVE-2018-5729 krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data
1563166 - kdestroy -A does not work with multiple principals when using KCM
1570600 - krb5-libs uses slow crypto implementation
1599721 - ipa-server-install fails when FIPS mode is enabled

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: krb5-1.15.1-34.el7.src.rpm
x86_64: krb5-debuginfo-1.15.1-34.el7.i686.rpm krb5-debuginfo-1.15.1-34.el7.x86_64.rpm krb5-libs-1.15.1-34.el7.i686.rpm krb5-libs-1.15.1-34.el7.x86_64.rpm krb5-pkinit-1.15.1-34.el7.x86_64.rpm krb5-workstation-1.15.1-34.el7.x86_64.rpm libkadm5-1.15.1-34.el7.i686.rpm libkadm5-1.15.1-34.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: krb5-debuginfo-1.15.1-34.el7.i686.rpm krb5-debuginfo-1.15.1-34.el7.x86_64.rpm krb5-devel-1.15.1-34.el7.i686.rpm krb5-devel-1.15.1-34.el7.x86_64.rpm krb5-server-1.15.1-34.el7.x86_64.rpm krb5-server-ldap-1.15.1-34.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: krb5-1.15.1-34.el7.src.rpm
x86_64: krb5-debuginfo-1.15.1-34.el7.i686.rpm krb5-debuginfo-1.15.1-34.el7.x86_64.rpm krb5-libs-1.15.1-34.el7.i686.rpm krb5-libs-1.15.1-34.el7.x86_64.rpm krb5-pkinit-1.15.1-34.el7.x86_64.rpm krb5-workstation-1.15.1-34.el7.x86_64.rpm libkadm5-1.15.1-34.el7.i686.rpm libkadm5-1.15.1-34.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: krb5-debuginfo-1.15.1-34.el7.i686.rpm krb5-debuginfo-1.15.1-34.el7.x86_64.rpm krb5-devel-1.15.1-34.el7.i686.rpm krb5-devel-1.15.1-34.el7.x86_64.rpm krb5-server-1.15.1-34.el7.x86_64.rpm krb5-server-ldap-1.15.1-34.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: krb5-1.15.1-34.el7.src.rpm
ppc64: krb5-debuginfo-1.15.1-34.el7.ppc.rpm krb5-debuginfo-1.15.1-34.el7.ppc64.rpm krb5-devel-1.15.1-34.el7.ppc.rpm
[RHSA-2018:3242-01] Moderate: glusterfs security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Moderate: glusterfs security, bug fix, and enhancement update
Advisory ID: RHSA-2018:3242-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3242
Issue date: 2018-10-30
CVE Names: CVE-2018-10911

1. Summary:

An update for glusterfs is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - ppc64le

3. Description:

GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.

The following packages have been upgraded to a later upstream version: glusterfs (3.12.2). (BZ#1579734)

Security Fix(es):

* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1579734 - Update glusterfs client rpms to the latest at RHEL 7.6
1601657 - CVE-2018-10911 glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: glusterfs-3.12.2-18.el7.src.rpm
x86_64: glusterfs-3.12.2-18.el7.x86_64.rpm glusterfs-api-3.12.2-18.el7.x86_64.rpm glusterfs-cli-3.12.2-18.el7.x86_64.rpm glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm glusterfs-debuginfo-3.12.2-18.el7.x86_64.rpm glusterfs-fuse-3.12.2-18.el7.x86_64.rpm glusterfs-libs-3.12.2-18.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: glusterfs-api-devel-3.12.2-18.el7.x86_64.rpm glusterfs-debuginfo-3.12.2-18.el7.x86_64.rpm glusterfs-devel-3.12.2-18.el7.x86_64.rpm glusterfs-rdma-3.12.2-18.el7.x86_64.rpm python2-gluster-3.12.2-18.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: glusterfs-3.12.2-18.el7.src.rpm
x86_64: glusterfs-3.12.2-18.el7.x86_64.rpm glusterfs-api-3.12.2-18.el7.x86_64.rpm glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm glusterfs-debuginfo-3.12.2-18.el7.x86_64.rpm glusterfs-fuse-3.12.2-18.el7.x86_64.rpm glusterfs-libs-3.12.2-18.el7.x86_64.rpm glusterfs-rdma-3.12.2-18.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: glusterfs-api-devel-3.12.2-18.el7.x86_64.rpm glusterfs-cli-3.12.2-18.el7.x86_64.rpm glusterfs-debuginfo-3.12.2-18.el7.x86_64.rpm glusterfs-devel-3.12.2-18.el7.x86_64.rpm python2-gluster-3.12.2-18.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: glusterfs-3.12.2-18.el7.src.rpm
ppc64le: glusterfs-3.12.2-18.el7.ppc64le.rpm glusterfs-debuginfo-3.12.2-18.el7.ppc64le.rpm glusterfs-libs-3.12.2-18.el7.ppc64le.rpm glusterfs-rdma-3.12.2-18.el7.ppc64le.rpm
x86_64: glusterfs-3.12.2-18.el7.x86_64.rpm glusterfs-api-3.12.2-18.el7.x86_64.rpm glusterfs-cli-3.12.2-18.el7.x86_64.rpm glusterfs-client-xlators-3.12.2-18.el7.x86_64.rpm glusterfs-debuginfo-3.12.2-18.el7.x86_64.rpm glusterfs-fuse-3.12.2-18.el7.x86_64.rpm glusterfs-libs-3.12.2-18.el7.x86_64.rpm glusterfs-rdma-3.12.2-18.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: glusterfs-3.12.2-18.el7.src.rpm
[RHSA-2018:3113-01] Moderate: libvirt security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libvirt security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3113-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3113
Issue date:        2018-10-30
CVE Names:         CVE-2018-6764
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a later upstream version: libvirt (4.5.0). (BZ#1563169)

Security Fix(es):

* libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

916061 - Dump progress only show up when memory-only dump finish
1149445 - [RFE] Detection of cloned environment using a unique, inmutable, intelligent identifier programmically accessible - libvirt
1291851 - support for virtio-vsock - libvirt
1300772 - RFE: add support for native TLS encryption on NBD for disk migration
1367238 - libvirt allow set busNr and numa node for a pci-bridge but won't use it
1425058 - [RFE] libvirt: Provide a way to disable ROM loading completely for a device
1425757 - RFE: add support for securely passing passwords to iSCSI block drivers
1447169 - [RFE] Support hotplugging/unplugging of i6300esb watchdog
1448149 - is ignored if no NUMA nodes are configured
1454709 - delete the Qos settings for the interface on the fly makes no changes
1456165 - The sub-element for panic device should be "interleave" in rng file
1468422 - Libvirt crashed with SIGSEGV when creating a luks encrypted volume via an xml file without 'secret' element
1469338 - RFE: expose Q35 extended TSEG size in domain XML element or attribute
1470007 - [RFE] [libvirt part] Add S3 PR support to qemu (similar to mpathpersist)
1480668 - RFE: Enhance qemu to support freeing memory before exit when using memory-backend-file
1483816 - Schema for the 'target' field in should not accept 'chassis' and 'port' parameters for 'q35' machine type
1490158 - Libvirt could not reconnect qemu
1492597 - Enable seccomp by out of the box with QEMU >= 2.11
1494454 - RFE: add sanity checks for shared storage when migrating without block copy
1507737 - virsh prompt doesn't change after changing the connection to readonly
1509870 - Command "virsh set-lifecycle-action --help" raises abnormal error info
1515533 - Libvirt should report correct error info when prefix is set out of range
1519146 - Libvirt uses deprecated compat=xxx option
1520821 - RFE: Add Generic PCIe-PCI bridge for libvirt
1522706 - Inexact error info when undefine a running uefi guest without flags
1523564 - Start vm with hostdev will cause unknown error.
1524399 - client-info return incorrect readonly info when connected by tcp/tls in readonly mode
1525496 - libvirtd fails to reconnect to a qemu process after creating 200 snapshots in a chain
1525599 - Support pseries cap-htm qemu option in libvirt
[RHSA-2018:3092-01] Moderate: glibc security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: glibc security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3092-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3092
Issue date:        2018-10-30
CVE Names:         CVE-2017-16997 CVE-2018-6485 CVE-2018-11236 CVE-2018-11237
=====================================================================

1. Summary:

An update for glibc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997)

* glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485)

* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236)

* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1349967 - Fix warning: "IN_MODULE" redefined [enabled by default]
1349982 - Fix static analysis warnings in build-locale-archive.c.
1372304 - glibc: backport build/testing time improvements
1401665 - Fix process shared robust mutex defects.
1408964 - RFE: Add Provides: nss_db to the glibc rpm
1448107 - glibc: Add el_GR@euro, ur_IN, and wal_ET locales
1461231 - [RFE] Support OFD locking constants, but disable them for 32-bit offsets (not following upstream) (glibc)
1471405 - glibc: Define O_TMPFILE macro
1476120 - glibc headers don't include linux/falloc.h, and therefore doesn't include fallocate() flags
1505451 - pthread_barrier_init typo has in-theory-undefined behavior
1505477 - strftime_l: Fix multiline macro DO_NUMBER (GCC 8 warnings, and coverity warnings)
1505492 - glibc: Build with -Werror and -Wundef
1505500 - locale: Transliteration function may return address of local variable.
1505647 - NSCD not properly caching netgroup
1526865 - CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries
1531168 - glibc: setcontext/makecontext alignment issues on x86
1542102 - CVE-2018-6485 glibc: Integer overflow in posix_memalign in memalign functions
1560641 - sem_open - valgrind complains about uninitialised bytes
1563046 - getlogin_r: return early when linux sentinel value is set
1563747 - glibc: Adjust system call name list to Linux 4.16+
1564638 - glibc: Fix compile-time type error in string/test-strncmp.c and other string tests
1566623 - glibc: Old-style function definitions without prototype in libio/strops.c
1579727 - glibc: Crash in __res_context_send after memory allocation failure
1581269 - CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow
1581274 - CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper

6.
[RHSA-2018:3041-01] Moderate: python security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python security and bug fix update
Advisory ID:       RHSA-2018:3041-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3041
Issue date:        2018-10-30
CVE Names:         CVE-2018-1060 CVE-2018-1061
=====================================================================

1. Summary:

An update for python is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)

* python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Python security response team for reporting these issues.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1549191 - CVE-2018-1060 python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
1549192 - CVE-2018-1061 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
1555314 - Don't send IP address as SNI TLS extension
1557460 - python-libs package dosn't provide python2-libs
1579432 - OSError 17 due to _multiprocessing/semaphore.c assuming a one-to-one Pid -> process mapping.

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
python-2.7.5-76.el7.src.rpm

x86_64:
python-2.7.5-76.el7.x86_64.rpm
python-debuginfo-2.7.5-76.el7.i686.rpm
python-debuginfo-2.7.5-76.el7.x86_64.rpm
python-libs-2.7.5-76.el7.i686.rpm
python-libs-2.7.5-76.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
python-debug-2.7.5-76.el7.x86_64.rpm
python-debuginfo-2.7.5-76.el7.x86_64.rpm
python-devel-2.7.5-76.el7.x86_64.rpm
python-test-2.7.5-76.el7.x86_64.rpm
python-tools-2.7.5-76.el7.x86_64.rpm
tkinter-2.7.5-76.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
python-2.7.5-76.el7.src.rpm

x86_64:
python-2.7.5-76.el7.x86_64.rpm
python-debuginfo-2.7.5-76.el7.i686.rpm
python-debuginfo-2.7.5-76.el7.x86_64.rpm
python-devel-2.7.5-76.el7.x86_64.rpm
python-libs-2.7.5-76.el7.i686.rpm
python-libs-2.7.5-76.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
python-debug-2.7.5-76.el7.x86_64.rpm
python-debuginfo-2.7.5-76.el7.x86_64.rpm
python-test-2.7.5-76.el7.x86_64.rpm
python-tools-2.7.5-76.el7.x86_64.rpm
tkinter-2.7.5-76.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
python-2.7.5-76.el7.src.rpm

ppc64:
python-2.7.5-76.el7.ppc64.rpm
python-debuginfo-2.7.5-76.el7.ppc.rpm
python-debuginfo-2.7.5-76.el7.ppc64.rpm
python-devel-2.7.5-76.el7.ppc64.rpm
python-libs-2.7.5-76.el7.ppc.rpm
python-libs-2.7.5-76.el7.ppc64.rpm

ppc64le:
python-2.7.5-76.el7.ppc64le.rpm
python-debuginfo-2.7.5-76.el7.ppc64le.rpm
python-devel-2.7.5-76.el7.ppc64le.rpm
python-libs-2.7.5-76.el7.ppc64le.rpm

s390x:
python-2.7.5-76.el7.s390x.rpm
python-debuginfo-2.7.5-76.el7.s390.rpm
python-debuginfo-2.7.5-76.el7.s390x.rpm
python-devel-2.7.5-76.el7.s390x.rpm
python-libs-2.7.5-76.el7.s390.rpm
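The advisory names the two defects only by their location (difflib.IS_LINE_JUNK and poplib apop()). The following is an added example, not part of the advisory or of CPython, showing what the difflib case looks like in practice: a pattern with two adjacent `\s*` groups forces the regex engine to try every split of a run of whitespace when the line does not match, so a long line of spaces costs quadratic time, while an equivalent pattern that only reaches the second `\s*` after a literal `#` is linear. The two patterns are the ones from CPython's fix for CVE-2018-1061 (bpo-32981) as I recall them; the sample lines and the timing helpers are constructed here. The same ambiguity class is behind the poplib apop() issue, whose pattern is not reproduced.

```python
import re
import time

# difflib.IS_LINE_JUNK pattern before and after the upstream fix (bpo-32981),
# reproduced from memory of the CPython change; "before" is what this update removes.
VULNERABLE_JUNK = re.compile(r"\s*#?\s*$")      # two adjacent \s* compete for the same spaces
FIXED_JUNK = re.compile(r"\s*(?:#\s*)?$")       # second \s* is only reachable after a '#'


def is_line_junk(line, pattern=FIXED_JUNK):
    """Same contract as difflib.IS_LINE_JUNK: True for blank or '#'-only lines."""
    return pattern.match(line) is not None


def adversarial_line(n):
    """n spaces followed by a char that is neither whitespace nor '#'.

    The line is not junk, so the engine must try every way of splitting the
    spaces between the two \\s* groups before failing: O(n^2) for the
    vulnerable pattern, O(n) for the fixed one.
    """
    return " " * n + "x"


def time_match(pattern, line):
    """Return (matched, seconds) for a single pattern.match() call."""
    start = time.perf_counter()
    matched = pattern.match(line) is not None
    return matched, time.perf_counter() - start


def patterns_agree(lines):
    """A safe fix must not change results: both patterns classify every line alike."""
    return all(bool(VULNERABLE_JUNK.match(s)) == bool(FIXED_JUNK.match(s)) for s in lines)


def growth_ratio(pattern, n):
    """t(2n) / t(n) on adversarial input: about 4 means quadratic, about 2 means linear.

    Timings are noisy; use the ratio to spot a backtracking class, not to prove one.
    """
    _, t1 = time_match(pattern, adversarial_line(n))
    _, t2 = time_match(pattern, adversarial_line(2 * n))
    return t2 / t1 if t1 > 0 else float("inf")


# Constructed sample lines: normal, junk, and near-miss cases.
SAMPLE_LINES = ["", "   ", "#", "  # ", "x", "  #x", "# comment", "\t#\t", "a # b"]

if __name__ == "__main__":
    assert patterns_agree(SAMPLE_LINES)
    n = 2000
    for name, pat in (("vulnerable", VULNERABLE_JUNK), ("fixed", FIXED_JUNK)):
        _, secs = time_match(pat, adversarial_line(n))
        print("%-10s n=%d: %.1f ms, growth ratio %.1f" % (name, n, secs * 1000, growth_ratio(pat, n)))
```

The practical check when reviewing a regex applied to untrusted input is the one `adversarial_line` performs: build an input that almost matches and is long, and watch whether the time grows faster than the input.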
[RHSA-2018:3249-01] Low: setup security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: setup security and bug fix update
Advisory ID:       RHSA-2018:3249-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3249
Issue date:        2018-10-30
CVE Names:         CVE-2018-1113
=====================================================================

1. Summary:

An update for setup is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch

3. Description:

The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profile. Other examples are the default lists of reserved user IDs, reserved ports, reserved protocols, allowed shells, allowed secure terminals.

Security Fix(es):

* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566469 - Typing Mistake in /etc/protocols
1571094 - CVE-2018-1113 setup: nologin listed in /etc/shells violates security expectations

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
setup-2.8.71-10.el7.src.rpm

noarch:
setup-2.8.71-10.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
setup-2.8.71-10.el7.src.rpm

noarch:
setup-2.8.71-10.el7.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
setup-2.8.71-10.el7.src.rpm

noarch:
setup-2.8.71-10.el7.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
setup-2.8.71-10.el7.src.rpm

noarch:
setup-2.8.71-10.el7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
setup-2.8.71-10.el7.src.rpm

noarch:
setup-2.8.71-10.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1113
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW9gQR9zjgjWX9erEAQiuoRAAiZpJfOGqTAfRNqZhCk6bHEovRaD7UiQv
fkv1CLGed2MXsrEWabe3Ybh/aNrsHdpKTyEm/hPtC/XMifV4WLz7qfwoRPhpLj00
57+5h2DCFgWn2ATKJNVLfHJilgpXwlKrVJTrU86lP0rfT3NCWa0h+epst6IIOgm8
lyrQDmhD+NM4wWM9j6hySVabLiEiJgVOUoJWss6CeIHL2lfu9Dz5tkZqVQxG72BE
rR8G0YYrT7ssncYZ3QaHJqDP+eFx+DZsla4LCYaSwlHpuE0pItDB+nUrFff9n/8X
VYidORe35L8ZzE869np3M+daY2gnOWXzyw41MmeVKGtGiD/xBtAns1kyFUA1/lug
D2gtq33eHnAYHD5/W33JsfLkDEhjcNyrphFubZ21alg7RV4GriZ6oVhtoJMX3Gbj
M6j6br/H5gPQTvpV2fDIIgR4+p1r4W+UrwRbH96U4vgvvM+6Pw39Fa4Y1UrwZyBJ
P7SEA3WYjKmQGophTuOa4qa0hwAkt+KyIwkE/kucuR8Y69idUr/4zGDnvezJa7h+
Sy18JPjTvzBLDq6FIBdzBPla8hi5MzgReX4J0gUb4CckEzrZvfeIDNTgexSP+4tG
6kQ/cnKNIzhmXlWlPmMED7fpvMSt4xgq1o1EqruXhTRAv0x0SN56vyMbG8tH3V7b
RMWmpvYCGso=
=lwzl
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
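The advisory says only that nologin in /etc/shells "violates security expectations". The expectation is the one set by getusershell(3): any path listed in /etc/shells is a valid login shell, and programs that decide whether an account is a real interactive user by looking the account's shell up in that file will therefore accept accounts that an administrator locked with /sbin/nologin. The following is an added example, not part of the advisory or the setup package: an offline audit of an /etc/shells file for non-login shells, a repair function, and the shell-membership check such programs make, run against a constructed file and a constructed passwd entry (the real RHEL 7 file contents are not reproduced).

```python
# Paths that exist to deny interactive logins; none of them belongs in /etc/shells.
NON_LOGIN_SHELLS = frozenset({
    "/sbin/nologin", "/usr/sbin/nologin",
    "/bin/false", "/usr/bin/false",
})

# Constructed sample resembling a pre-fix /etc/shells (assumption: not the
# verbatim RHEL 7 file). The two nologin lines are the CVE-2018-1113 condition.
VULNERABLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
/sbin/nologin
/usr/sbin/nologin
"""

# Constructed passwd entry for a service account deliberately locked with nologin.
LOCKED_ACCOUNT = "ftpsvc:x:1001:1001:FTP service:/srv/ftp:/sbin/nologin"


def parse_shells(text):
    """Mimic getusershell(3): one path per line; blank lines and '#' comments ignored."""
    shells = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        shells.append(line)
    return shells


def find_non_login_entries(text):
    """Entries in /etc/shells that are not interactive shells, in file order."""
    return [s for s in parse_shells(text) if s in NON_LOGIN_SHELLS]


def strip_non_login_entries(text):
    """Return the file with offending entries removed; comments and order are kept."""
    kept = [raw for raw in text.splitlines() if raw.strip() not in NON_LOGIN_SHELLS]
    return "\n".join(kept) + "\n"


def is_login_user(passwd_line, shells_text):
    """The check many services make: is the account's shell listed in /etc/shells?"""
    shell = passwd_line.rstrip("\n").split(":")[6]
    return shell in parse_shells(shells_text)


def audit_shells_file(path="/etc/shells"):
    """Audit the live file on this host; returns the offending entries (possibly none)."""
    with open(path, encoding="utf-8") as fh:
        return find_non_login_entries(fh.read())


if __name__ == "__main__":
    print("non-login shells listed:", find_non_login_entries(VULNERABLE_SHELLS))
    print("locked account passes check (vulnerable file):",
          is_login_user(LOCKED_ACCOUNT, VULNERABLE_SHELLS))
    fixed = strip_non_login_entries(VULNERABLE_SHELLS)
    print("locked account passes check (fixed file):", is_login_user(LOCKED_ACCOUNT, fixed))
```

`audit_shells_file()` reads the host's real /etc/shells, so it is the one function here that is useful after applying the update: an empty result confirms the shipped file no longer lists nologin and that no local edit has reintroduced it.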
[RHSA-2018:3059-01] Low: X.org X11 security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: X.org X11 security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3059-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3059
Issue date:        2018-10-30
CVE Names:         CVE-2015-9262
=====================================================================

1. Summary:

Updated X.org server and driver packages are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1259757 - unable to log out from vnc session
1428340 - Xorg killed by SIGABRT after resize of VM display when multiple PCI device in use
1496253 - Spice/QXL cannot support gnome3 with multi-monitors as it requires hardware acceleration
1538756 - [abrt] xorg-x11-server-Xwayland: Xwayland killed by SIGABRT
1564061 - Rebuild tigervnc against Xorg 1.20
1566101 - epoxy_glx_version & friends crash without GLX and hinder gtk3 startup
1570839 - Segmentation fault in AnimCurCancelTimer with latest Xorg
1584740 - libglvnd-1.0.1-0.6.git5baa1e5.el7 build is conflicting with mesa-17.2.3-8.20171019.el7
1592607 - Unresolved symbol in the xorg-x11-drv-mouse driver
1601742 - [XIT] double-free corruption in PanoramiXCreateConnectionBlock
1601880 - missing parameters in man page of Xvnc
1601960 - undefined symbol: LoaderGetOS
1602855 - gray screen and high cpu usage with vncviewer in fullscreen mode
1605325 - vncviewer holds focus of whole screen after exiting fullscreen mode
1611599 - CVE-2015-9262 libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c
1613264 - wrong colours of VNC desktop via vncviewer on ppc64
1631880 - Xorg defaults to clone mode if the monitor cable/connector can't handle the preferred mode

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libX11-1.6.5-2.el7.src.rpm
libXcursor-1.1.15-1.el7.src.rpm
libXfont-1.5.4-1.el7.src.rpm
libXfont2-2.0.3-1.el7.src.rpm
libXres-1.2.0-1.el7.src.rpm
libdrm-2.4.91-3.el7.src.rpm
libepoxy-1.5.2-1.el7.src.rpm
libglvnd-1.0.1-0.8.git5baa1e5.el7.src.rpm
libinput-1.10.7-2.el7.src.rpm
libwacom-0.30-1.el7.src.rpm
libxcb-1.13-1.el7.src.rpm
mesa-18.0.5-3.el7.src.rpm
mesa-demos-8.3.0-10.el7.src.rpm
tigervnc-1.8.0-13.el7.src.rpm
xkeyboard-config-2.24-1.el7.src.rpm
xorg-x11-drv-ati-18.0.1-1.el7.src.rpm
xorg-x11-drv-dummy-0.3.7-1.el7.1.src.rpm
xorg-x11-drv-evdev-2.10.6-1.el7.src.rpm
xorg-x11-drv-fbdev-0.5.0-1.el7.src.rpm
xorg-x11-drv-intel-2.99.917-28.20180530.el7.src.rpm
xorg-x11-drv-libinput-0.27.1-2.el7.src.rpm
xorg-x11-drv-mouse-1.9.2-2.el7.src.rpm
xorg-x11-drv-nouveau-1.0.15-1.el7.src.rpm
xorg-x11-drv-openchrome-0.5.0-3.el7.1.src.rpm
xorg-x11-drv-qxl-0.1.5-4.el7.1.src.rpm
xorg-x11-drv-synaptics-1.9.0-2.el7.src.rpm
xorg-x11-drv-v4l-0.2.0-49.el7.src.rpm
xorg-x11-drv-vesa-2.4.0-1.el7.src.rpm
xorg-x11-drv-vmmouse-13.1.0-1.el7.1.src.rpm
xorg-x11-drv-vmware-13.2.1-1.el7.1.src.rpm
[RHSA-2018:3229-01] Low: zziplib security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: zziplib security update
Advisory ID:       RHSA-2018:3229-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3229
Issue date:        2018-10-30
CVE Names:         CVE-2018-7725 CVE-2018-7726 CVE-2018-7727
=====================================================================

1. Summary:

An update for zziplib is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

zziplib is a lightweight library for extracting data from zip files.

Security Fix(es):

* zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725)

* zziplib: Bus error in zip.c:__zzip_parse_root_directory() causes crash via crafted zip file (CVE-2018-7726)

* zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip (CVE-2018-7727)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1554662 - CVE-2018-7725 zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash
1554672 - CVE-2018-7726 zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file
1554676 - CVE-2018-7727 zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
zziplib-0.13.62-9.el7.src.rpm

x86_64:
zziplib-0.13.62-9.el7.i686.rpm
zziplib-0.13.62-9.el7.x86_64.rpm
zziplib-debuginfo-0.13.62-9.el7.i686.rpm
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
zziplib-debuginfo-0.13.62-9.el7.i686.rpm
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm
zziplib-devel-0.13.62-9.el7.i686.rpm
zziplib-devel-0.13.62-9.el7.x86_64.rpm
zziplib-utils-0.13.62-9.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
zziplib-0.13.62-9.el7.src.rpm

x86_64:
zziplib-0.13.62-9.el7.i686.rpm
zziplib-0.13.62-9.el7.x86_64.rpm
zziplib-debuginfo-0.13.62-9.el7.i686.rpm
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm
zziplib-devel-0.13.62-9.el7.i686.rpm
zziplib-devel-0.13.62-9.el7.x86_64.rpm
zziplib-utils-0.13.62-9.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
zziplib-0.13.62-9.el7.src.rpm

ppc64:
zziplib-0.13.62-9.el7.ppc.rpm
zziplib-0.13.62-9.el7.ppc64.rpm
zziplib-debuginfo-0.13.62-9.el7.ppc.rpm
zziplib-debuginfo-0.13.62-9.el7.ppc64.rpm

ppc64le:
zziplib-0.13.62-9.el7.ppc64le.rpm
zziplib-debuginfo-0.13.62-9.el7.ppc64le.rpm

s390x:
zziplib-0.13.62-9.el7.s390.rpm
zziplib-0.13.62-9.el7.s390x.rpm
zziplib-debuginfo-0.13.62-9.el7.s390.rpm
zziplib-debuginfo-0.13.62-9.el7.s390x.rpm

x86_64:
zziplib-0.13.62-9.el7.i686.rpm
zziplib-0.13.62-9.el7.x86_64.rpm
zziplib-debuginfo-0.13.62-9.el7.i686.rpm
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
zziplib-0.13.62-9.el7.src.rpm

aarch64:
zziplib-0.13.62-9.el7.aarch64.rpm
zziplib-debuginfo-0.13.62-9.el7.aarch64.rpm

ppc64le:
zziplib-0.13.62-9.el7.ppc64le.rpm
zziplib-debuginfo-0.13.62-9.el7.ppc64le.rpm

s390x:
zziplib-0.13.62-9.el7.s390.rpm
zziplib-0.13.62-9.el7.s390x.rpm
zziplib-debuginfo-0.13.62-9.el7.s390.rpm
zziplib-debuginfo-0.13.62-9.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
zziplib-debuginfo-0.13.62-9.el7.aarch64.rpm
[RHSA-2018:3324-01] Moderate: fuse security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: fuse security update
Advisory ID:       RHSA-2018:3324-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3324
Issue date:        2018-10-30
CVE Names:         CVE-2018-10906
=====================================================================

1. Summary:

An update for fuse is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program.

Security Fix(es):

* fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1602996 - CVE-2018-10906 fuse: bypass of the "user_allow_other" restriction when SELinux is active

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
fuse-2.9.2-11.el7.src.rpm

x86_64:
fuse-2.9.2-11.el7.x86_64.rpm
fuse-debuginfo-2.9.2-11.el7.i686.rpm
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm
fuse-libs-2.9.2-11.el7.i686.rpm
fuse-libs-2.9.2-11.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
fuse-debuginfo-2.9.2-11.el7.i686.rpm
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm
fuse-devel-2.9.2-11.el7.i686.rpm
fuse-devel-2.9.2-11.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
fuse-2.9.2-11.el7.src.rpm

x86_64:
fuse-2.9.2-11.el7.x86_64.rpm
fuse-debuginfo-2.9.2-11.el7.i686.rpm
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm
fuse-libs-2.9.2-11.el7.i686.rpm
fuse-libs-2.9.2-11.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
fuse-debuginfo-2.9.2-11.el7.i686.rpm
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm
fuse-devel-2.9.2-11.el7.i686.rpm
fuse-devel-2.9.2-11.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
fuse-2.9.2-11.el7.src.rpm

ppc64:
fuse-2.9.2-11.el7.ppc64.rpm
fuse-debuginfo-2.9.2-11.el7.ppc.rpm
fuse-debuginfo-2.9.2-11.el7.ppc64.rpm
fuse-devel-2.9.2-11.el7.ppc.rpm
fuse-devel-2.9.2-11.el7.ppc64.rpm
fuse-libs-2.9.2-11.el7.ppc.rpm
fuse-libs-2.9.2-11.el7.ppc64.rpm

ppc64le:
fuse-2.9.2-11.el7.ppc64le.rpm
fuse-debuginfo-2.9.2-11.el7.ppc64le.rpm
fuse-devel-2.9.2-11.el7.ppc64le.rpm
fuse-libs-2.9.2-11.el7.ppc64le.rpm

s390x:
fuse-2.9.2-11.el7.s390x.rpm
fuse-debuginfo-2.9.2-11.el7.s390.rpm
fuse-debuginfo-2.9.2-11.el7.s390x.rpm
fuse-devel-2.9.2-11.el7.s390.rpm
fuse-devel-2.9.2-11.el7.s390x.rpm
fuse-libs-2.9.2-11.el7.s390.rpm
fuse-libs-2.9.2-11.el7.s390x.rpm

x86_64:
fuse-2.9.2-11.el7.x86_64.rpm
fuse-debuginfo-2.9.2-11.el7.i686.rpm
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm
fuse-devel-2.9.2-11.el7.i686.rpm
fuse-devel-2.9.2-11.el7.x86_64.rpm
fuse-libs-2.9.2-11.el7.i686.rpm
fuse-libs-2.9.2-11.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
fuse-2.9.2-11.el7.src.rpm

aarch64:
fuse-2.9.2-11.el7.aarch64.rpm
fuse-debuginfo-2.9.2-11.el7.aarch64.rpm
fuse-devel-2.9.2-11.el7.aarch64.rpm
fuse-libs-2.9.2-11.el7.aarch64.rpm

ppc64le:
fuse-2.9.2-11.el7.ppc64le.rpm
fuse-debuginfo-2.9.2-11.el7.ppc64le.rpm
fuse-devel-2.9.2-11.el7.ppc64le.rpm
fuse-libs-2.9.2-11.el7.ppc64le.rpm

s390x:
fuse-2.9.2-11.el7.s390x.rpm
fuse-debuginfo-2.9.2-11.el7.s390.rpm
fuse-debuginfo-2.9.2-11.el7.s390x.rpm
fuse-devel-2.9.2-11.el7.s390.rpm
fuse-devel-2.9.2-11.el7.s390x.rpm
fuse-libs-2.9.2-11.el7.s390.rpm
fuse-libs-2.9.2-11.el7.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
fuse-2.9.2-11.el7.src.rpm

x86_64:
fuse-2.9.2-11.el7.x86_64.rpm
[RHSA-2018:3347-01] Critical: python-paramiko security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: python-paramiko security update
Advisory ID:       RHSA-2018:3347-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3347
Issue date:        2018-10-30
CVE Names:         CVE-2018-1000805
=====================================================================

1. Summary:

An update for python-paramiko is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch

3. Description:

The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

Security Fix(es):

* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1637263 - CVE-2018-1000805 python-paramiko: Authentication bypass in auth_handler.py

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
python-paramiko-2.1.1-9.el7.src.rpm

noarch:
python-paramiko-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
python-paramiko-doc-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
python-paramiko-2.1.1-9.el7.src.rpm

noarch:
python-paramiko-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
python-paramiko-doc-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
python-paramiko-2.1.1-9.el7.src.rpm

noarch:
python-paramiko-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
python-paramiko-2.1.1-9.el7.src.rpm

noarch:
python-paramiko-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
python-paramiko-doc-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

noarch:
python-paramiko-doc-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
python-paramiko-2.1.1-9.el7.src.rpm

noarch:
python-paramiko-2.1.1-9.el7.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
python-paramiko-doc-2.1.1-9.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000805
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
[RHSA-2018:3350-01] Important: java-1.7.0-openjdk security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2018:3350-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3350
Issue date:        2018-10-30
CVE Names:         CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
                   CVE-2018-3169 CVE-2018-3180 CVE-2018-3214
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)
* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)
* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)
* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)
* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)
* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1639293 - CVE-2018-3169 OpenJDK: Improper field access checks (Hotspot, 8199226)
1639301 - CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
1639442 - CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
1639484 - CVE-2018-3180 OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
1639755 - CVE-2018-3136 OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)
1639834 - CVE-2018-3149 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.201-2.6.16.1.el7_6.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.1.el7_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.201-2.6.16.1.el7_6.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.1.el7_6.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.1.el7_6.x86_64.rpm