[RHSA-2017:1833-01] Important: chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2017:1833-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1833
Issue date:        2017-07-31
CVE Names:         CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094
                   CVE-2017-5095 CVE-2017-5096 CVE-2017-5097 CVE-2017-5098
                   CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102
                   CVE-2017-5103 CVE-2017-5104 CVE-2017-5105 CVE-2017-5106
                   CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110
                   CVE-2017-7000
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 60.0.3112.78.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5106, CVE-2017-7000, CVE-2017-5105, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1475193 - CVE-2017-5091 chromium-browser: use after free in indexeddb
1475194 - CVE-2017-5092 chromium-browser: use after free in ppapi
1475195 - CVE-2017-5093 chromium-browser: ui spoofing in blink
1475196 - CVE-2017-5094 chromium-browser: type confusion in extensions
1475197 - CVE-2017-5095 chromium-browser: out-of-bounds write in pdfium
1475198 - CVE-2017-5096 chromium-browser: user information leak via android intents
1475199 - CVE-2017-5097 chromium-browser: out-of-bounds read in skia
1475200 - CVE-2017-5098 chromium-browser: use after free in v8
1475201 - CVE-2017-5099 chromium-browser: out-of-bounds write in ppapi
1475202 - CVE-2017-5100 chromium-browser: use after free in chrome apps
1475203 - CVE-2017-5101 chromium-browser: url spoofing in omnibox
1475204 - CVE-2017-5102 chromium-browser: uninitialized use in skia
1475205 - CVE-2017-5103 chromium-browser: uninitialized use in skia
1475206 - CVE-2017-5104 chromium-browser: ui spoofing in browser
1475207 - CVE-2017-7000 chromium-browser: pointer disclosure in sqlite
1475208 - CVE-2017-5105 chromium-browser: url spoofing in omnibox
1475209 - CVE-2017-5106 chromium-browser: url spoofing in omnibox
1475210 - CVE-2017-5107 chromium-browser: user information leak via svg
1475211 - CVE-2017-5108 chromium-browser: type confusion in pdfium
1475212 - CVE-2017-5109 chromium-browser: ui spoofing in browser
1475213 - CVE-2017-5110 chromium-browser: ui spoofing in payments dialog

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-60.0.3112.78-1.el6_9.i686.rpm
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.i686.rpm

x86_64:
chromium-browser-60.0.3112.78-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-60.0.3112.78-1.el6_9.i686.rpm
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.i686.rpm

x86_64:
chromium-browser-60.0.3112.78-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-60.0.3112.78-1.el6_9.i686.rpm
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.i686.rpm

x86_64:
chromium-browser-60.0.3112.78-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available
[RHSA-2017:1837-01] Important: eap7-jboss-ec2-eap security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: eap7-jboss-ec2-eap security update
Advisory ID:       RHSA-2017:1837-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1837
Issue date:        2017-07-31
CVE Names:         CVE-2016-4978 CVE-2017-7525
=====================================================================

1. Summary:

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server - noarch
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server - noarch

3. Description:

The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).

With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.7.

Refer to the JBoss Enterprise Application Platform 7.0.7 Release Notes, linked to in the References section, for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1379207 - CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-9466 - jboss-ec2-eap for EAP 7.0.7

7. Package List:

Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server:

Source:
eap7-jboss-ec2-eap-7.0.7-1.GA_redhat_1.ep7.el6.src.rpm

noarch:
eap7-jboss-ec2-eap-7.0.7-1.GA_redhat_1.ep7.el6.noarch.rpm
eap7-jboss-ec2-eap-samples-7.0.7-1.GA_redhat_1.ep7.el6.noarch.rpm

Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server:

Source:
eap7-jboss-ec2-eap-7.0.7-1.GA_redhat_1.ep7.el7.src.rpm

noarch:
eap7-jboss-ec2-eap-7.0.7-1.GA_redhat_1.ep7.el7.noarch.rpm
eap7-jboss-ec2-eap-samples-7.0.7-1.GA_redhat_1.ep7.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2016-4978
https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/
https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/

9. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZf0u6XlSAg2UNWIIRAuGPAJ0ajp7wHYlxSHBHropcvmVYqeJnbwCgt7VP
xUtYFLU+7D11mscwGdNAFEo=
=nj5w
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1838-01] Moderate: rh-postgresql95-postgresql security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-postgresql95-postgresql security update
Advisory ID:       RHSA-2017:1838-01
Product:           Red Hat Satellite
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1838
Issue date:        2017-07-31
CVE Names:         CVE-2017-7484 CVE-2017-7485 CVE-2017-7486
=====================================================================

1. Summary:

An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This update applies only to Satellite 5.8 instances using either embedded or managed PostgreSQL databases. There are manual steps required in order to finish the migration from postgresql92-postgresql to rh-postgresql95-postgresql. If these steps are not undertaken, the affected Satellite will continue to use PostgreSQL 9.2. postgresql92-postgresql will be upgraded automatically to rh-postgresql95-postgresql as part of an upgrade to Satellite 5.8.

2. Relevant releases/architectures:

Red Hat Satellite 5.8 (RHEL v.6) - s390x, x86_64
Red Hat Satellite 5.8 ELS (RHEL v.6) - s390x, x86_64
Red Hat Satellite Managed DB 5.8 (RHEL v.6) - s390x, x86_64
Red Hat Satellite Managed DB 5.8 ELS (RHEL v.6) - s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484)

* It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485)

* It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; Daniel Gustafsson as the original reporter of CVE-2017-7485; and Andrew Wheelwright as the original reporter of CVE-2017-7486.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After applying this update, restart the Satellite database using the following command:

db-control stop && db-control start

5. Bugs fixed (https://bugzilla.redhat.com/):

1448078 - CVE-2017-7484 postgresql: Selectivity estimators bypass SELECT privilege checks
1448086 - CVE-2017-7485 postgresql: libpq ignores PGREQUIRESSL environment variable
1448089 - CVE-2017-7486 postgresql: pg_user_mappings view discloses foreign server passwords

6. Package List:

Red Hat Satellite Managed DB 5.8 (RHEL v.6):

Source:
rh-postgresql95-postgresql-9.5.7-2.el6.src.rpm

s390x:
rh-postgresql95-postgresql-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-contrib-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-debuginfo-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-libs-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-pltcl-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-server-9.5.7-2.el6.s390x.rpm

x86_64:
rh-postgresql95-postgresql-9.5.7-2.el6.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.7-2.el6.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.7-2.el6.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.7-2.el6.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.7-2.el6.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.7-2.el6.x86_64.rpm

Red Hat Satellite Managed DB 5.8 ELS (RHEL v.6):

Source:
rh-postgresql95-postgresql-9.5.7-2.el6.src.rpm

s390x:
rh-postgresql95-postgresql-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-contrib-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-debuginfo-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-libs-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-pltcl-9.5.7-2.el6.s390x.rpm
rh-postgresql95-postgresql-server-9.5.7-2.el6.s390x.rpm

x86_64:
rh-postgresql95-postgresql-9.5.7-2.el6.x86_64.rpm
[RHSA-2017:1839-01] Important: rh-eclipse46-jackson-databind security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-eclipse46-jackson-databind security update
Advisory ID:       RHSA-2017:1839-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1839
Issue date:        2017-07-31
CVE Names:         CVE-2017-7525
=====================================================================

1. Summary:

An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-eclipse46-jackson-databind-2.6.3-2.3.el7.src.rpm

noarch:
rh-eclipse46-jackson-databind-2.6.3-2.3.el7.noarch.rpm
rh-eclipse46-jackson-databind-javadoc-2.6.3-2.3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-eclipse46-jackson-databind-2.6.3-2.3.el7.src.rpm

noarch:
rh-eclipse46-jackson-databind-2.6.3-2.3.el7.noarch.rpm
rh-eclipse46-jackson-databind-javadoc-2.6.3-2.3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-eclipse46-jackson-databind-2.6.3-2.3.el7.src.rpm

noarch:
rh-eclipse46-jackson-databind-2.6.3-2.3.el7.noarch.rpm
rh-eclipse46-jackson-databind-javadoc-2.6.3-2.3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZf1zWXlSAg2UNWIIRAgEIAKCYcnw4RVh9+WSlF3+lbPiGY6Yr3gCeJ8Fr
7db1dOhyIzap6Xv4mWvWTpA=
=3cS2
-----END PGP SIGNATURE-----
[RHSA-2017:1834-01] Important: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 6
Advisory ID:       RHSA-2017:1834-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1834
Issue date:        2017-07-31
CVE Names:         CVE-2016-4978 CVE-2017-7525
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1379207 - CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-9464 - Tracker bug for the EAP 7.0.7 release for RHEL-6

7. Package List:

Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server:

Source:
eap7-activemq-artemis-1.1.0-18.SP21_redhat_1.1.ep7.el6.src.rpm
eap7-glassfish-jsf-2.2.12-2.SP4_redhat_1.1.ep7.el6.src.rpm
eap7-hibernate-5.0.14-1.Final_redhat_1.1.ep7.el6.src.rpm
eap7-ironjacamar-1.3.7-1.Final_redhat_1.1.ep7.el6.src.rpm
eap7-jackson-databind-2.5.4-2.redhat_2.1.ep7.el6.src.rpm
eap7-jboss-modules-1.5.4-1.Final_redhat_1.1.ep7.el6.src.rpm
eap7-jboss-remoting-4.0.23-1.Final_redhat_1.1.ep7.el6.src.rpm
eap7-jboss-xnio-base-3.4.6-1.Final_redhat_1.1.ep7.el6.src.rpm
eap7-resteasy-3.0.19-6.SP4_redhat_1.1.ep7.el6.src.rpm
eap7-wildfly-7.0.7-4.GA_redhat_3.1.ep7.el6.src.rpm
eap7-wildfly-javadocs-7.0.7-3.GA_redhat_4.1.ep7.el6.src.rpm
eap7-wildfly-web-console-eap-2.8.30-1.Final_redhat_1.1.ep7.el6.src.rpm

noarch:
eap7-activemq-artemis-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-cli-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-commons-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-core-client-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-dto-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-jms-client-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-jms-server-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-journal-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-native-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-ra-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-selector-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-server-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-service-extensions-1.1.0-18.SP21_redhat_1.1.ep7.el6.noarch.rpm
eap7-glassfish-jsf-2.2.12-2.SP4_redhat_1.1.ep7.el6.noarch.rpm
eap7-hibernate-5.0.14-1.Final_redhat_1.1.ep7.el6.noarch.rpm
eap7-hibernate-core-5.0.14-1.Final_redhat_1.1.ep7.el6.noarch.rpm
eap7-hibernate-entitymanager-5.0.14-1.Final_redhat_1.1.ep7.el6.noarch.rpm
[RHSA-2017:1836-01] Important: Red Hat JBoss Enterprise Application Platform 7.0.7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.0.7
Advisory ID:       RHSA-2017:1836-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1836
Issue date:        2017-07-31
CVE Names:         CVE-2016-4978 CVE-2017-7525
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1379207 - CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

5. References:

https://access.redhat.com/security/cve/CVE-2016-4978
https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform=securityPatches=7.0
https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/

6. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZf0Q5XlSAg2UNWIIRAtUtAKCWq1DaaLDVfu+tlaIMQTKfUw6SDACfabQp
MpnEvHHPoWII54nU7gLH5YI=
=iy7P
-----END PGP SIGNATURE-----
[RHSA-2017:1835-01] Important: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 7
Advisory ID:       RHSA-2017:1835-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1835
Issue date:        2017-07-31
CVE Names:         CVE-2016-4978 CVE-2017-7525
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

* It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1379207 - CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-9465 - Tracker bug for the EAP 7.0.7 release for RHEL-7

7. Package List:

Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server:

Source:
eap7-activemq-artemis-1.1.0-18.SP21_redhat_1.1.ep7.el7.src.rpm
eap7-glassfish-jsf-2.2.12-2.SP4_redhat_1.1.ep7.el7.src.rpm
eap7-hibernate-5.0.14-1.Final_redhat_1.1.ep7.el7.src.rpm
eap7-ironjacamar-1.3.7-1.Final_redhat_1.1.ep7.el7.src.rpm
eap7-jackson-databind-2.5.4-2.redhat_2.1.ep7.el7.src.rpm
eap7-jboss-modules-1.5.4-1.Final_redhat_1.1.ep7.el7.src.rpm
eap7-jboss-remoting-4.0.23-1.Final_redhat_1.1.ep7.el7.src.rpm
eap7-jboss-xnio-base-3.4.6-1.Final_redhat_1.1.ep7.el7.src.rpm
eap7-resteasy-3.0.19-6.SP4_redhat_1.1.ep7.el7.src.rpm
eap7-wildfly-7.0.7-4.GA_redhat_3.1.ep7.el7.src.rpm
eap7-wildfly-javadocs-7.0.7-3.GA_redhat_4.1.ep7.el7.src.rpm
eap7-wildfly-web-console-eap-2.8.30-1.Final_redhat_1.1.ep7.el7.src.rpm

noarch:
eap7-activemq-artemis-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-cli-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-commons-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-core-client-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-dto-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-jms-client-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-jms-server-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-journal-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-native-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-ra-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-selector-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-server-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-service-extensions-1.1.0-18.SP21_redhat_1.1.ep7.el7.noarch.rpm
eap7-glassfish-jsf-2.2.12-2.SP4_redhat_1.1.ep7.el7.noarch.rpm
eap7-hibernate-5.0.14-1.Final_redhat_1.1.ep7.el7.noarch.rpm
eap7-hibernate-core-5.0.14-1.Final_redhat_1.1.ep7.el7.noarch.rpm
eap7-hibernate-entitymanager-5.0.14-1.Final_redhat_1.1.ep7.el7.noarch.rpm
[RHSA-2017:1840-01] Important: devtoolset-4-jackson-databind security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: devtoolset-4-jackson-databind security update
Advisory ID:       RHSA-2017:1840-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1840
Issue date:        2017-07-31
CVE Names:         CVE-2017-7525
=====================================================================

1. Summary:

An update for devtoolset-4-jackson-databind is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
devtoolset-4-jackson-databind-2.5.0-2.4.el6.src.rpm

noarch:
devtoolset-4-jackson-databind-2.5.0-2.4.el6.noarch.rpm
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
devtoolset-4-jackson-databind-2.5.0-2.4.el6.src.rpm

noarch:
devtoolset-4-jackson-databind-2.5.0-2.4.el6.noarch.rpm
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
devtoolset-4-jackson-databind-2.5.0-2.4.el6.src.rpm

noarch:
devtoolset-4-jackson-databind-2.5.0-2.4.el6.noarch.rpm
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm

noarch:
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm

noarch:
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
devtoolset-4-jackson-databind-2.5.0-2.4.el7.src.rpm

noarch:
devtoolset-4-jackson-databind-2.5.0-2.4.el7.noarch.rpm
devtoolset-4-jackson-databind-javadoc-2.5.0-2.4.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZf2GJXlSAg2UNWIIRAqU+AJ0UTlDS8WN8y/upRsPh/KSEB/Gs1ACgkqJW
ERxYMD6ZZZrgot9pM3U07vE=
=m/e7
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:2285-01] Moderate: authconfig security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: authconfig security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2285-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2285
Issue date:        2017-08-01
CVE Names:         CVE-2017-7488
=====================================================================

1. Summary:

An update for authconfig is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The authconfig packages contain a command-line utility and a GUI application that can configure a workstation to be a client for certain network user information, authentication schemes, and other user information and authentication-related options.

Security Fix(es):

* A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on the existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. (CVE-2017-7488)

This issue was discovered by Tomas Mraz (Red Hat) and Thorsten Scherf (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 1329598 - authconfig breaks PAM system-auth-ac password-auth-ac for sssd in RHEL7.2 1378943 - [RFE] Allow authconfig to configure Smartcard authentication with SSSD 1441374 - gdm prompts for user password when smartcard login is configured and smartcard is inserted 1441604 - CVE-2017-7488 authconfig: Information leak when SSSD is used for authentication against remote server 1443949 - authconfig generates sssd.conf with --updateall --enablesssd --enablesssdauth 1449625 - Unlocalized strings and fuzzy translations in de, es, fr, it, ja, ko, pt_BR, ru, zh_CN, zh_TW 1450425 - After ipa-server-install cannot ssh to machine anymore. 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: authconfig-6.2.8-30.el7.src.rpm x86_64: authconfig-6.2.8-30.el7.x86_64.rpm authconfig-debuginfo-6.2.8-30.el7.x86_64.rpm authconfig-gtk-6.2.8-30.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: authconfig-6.2.8-30.el7.src.rpm x86_64: authconfig-6.2.8-30.el7.x86_64.rpm authconfig-debuginfo-6.2.8-30.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: authconfig-debuginfo-6.2.8-30.el7.x86_64.rpm authconfig-gtk-6.2.8-30.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: authconfig-6.2.8-30.el7.src.rpm aarch64: authconfig-6.2.8-30.el7.aarch64.rpm authconfig-debuginfo-6.2.8-30.el7.aarch64.rpm authconfig-gtk-6.2.8-30.el7.aarch64.rpm ppc64: authconfig-6.2.8-30.el7.ppc64.rpm authconfig-debuginfo-6.2.8-30.el7.ppc64.rpm authconfig-gtk-6.2.8-30.el7.ppc64.rpm ppc64le: authconfig-6.2.8-30.el7.ppc64le.rpm authconfig-debuginfo-6.2.8-30.el7.ppc64le.rpm authconfig-gtk-6.2.8-30.el7.ppc64le.rpm s390x: authconfig-6.2.8-30.el7.s390x.rpm authconfig-debuginfo-6.2.8-30.el7.s390x.rpm authconfig-gtk-6.2.8-30.el7.s390x.rpm x86_64: authconfig-6.2.8-30.el7.x86_64.rpm authconfig-debuginfo-6.2.8-30.el7.x86_64.rpm authconfig-gtk-6.2.8-30.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: authconfig-6.2.8-30.el7.src.rpm x86_64: authconfig-6.2.8-30.el7.x86_64.rpm authconfig-debuginfo-6.2.8-30.el7.x86_64.rpm authconfig-gtk-6.2.8-30.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7488 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html 8. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE-
[RHSA-2017:2338-01] Moderate: samba security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba security update
Advisory ID:       RHSA-2017:2338-01
Product:           Red Hat Gluster Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2338
Issue date:        2017-08-01
CVE Names:         CVE-2017-2619 CVE-2017-9461
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Gluster Storage 3.2 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Gluster 3.2 Samba on RHEL-7 - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A race condition was found in the samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619)

* A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461)

Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1429472 - CVE-2017-2619 samba: symlink race permits opening files outside share directory
1459464 - CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
1465528 - RHEL7.4 Upgrade fails over RHGS 3.2.0 for samba ctdb packages

6. Package List:

Red Hat Gluster 3.2 Samba on RHEL-7:

Source:
samba-4.6.3-4.el7rhgs.src.rpm

noarch:
samba-common-4.6.3-4.el7rhgs.noarch.rpm
samba-pidl-4.6.3-4.el7rhgs.noarch.rpm

x86_64:
ctdb-4.6.3-4.el7rhgs.x86_64.rpm
ctdb-tests-4.6.3-4.el7rhgs.x86_64.rpm
libsmbclient-4.6.3-4.el7rhgs.x86_64.rpm
libsmbclient-devel-4.6.3-4.el7rhgs.x86_64.rpm
libwbclient-4.6.3-4.el7rhgs.x86_64.rpm
libwbclient-devel-4.6.3-4.el7rhgs.x86_64.rpm
samba-4.6.3-4.el7rhgs.x86_64.rpm
samba-client-4.6.3-4.el7rhgs.x86_64.rpm
samba-client-libs-4.6.3-4.el7rhgs.x86_64.rpm
samba-common-libs-4.6.3-4.el7rhgs.x86_64.rpm
samba-common-tools-4.6.3-4.el7rhgs.x86_64.rpm
samba-dc-4.6.3-4.el7rhgs.x86_64.rpm
samba-dc-libs-4.6.3-4.el7rhgs.x86_64.rpm
samba-debuginfo-4.6.3-4.el7rhgs.x86_64.rpm
samba-devel-4.6.3-4.el7rhgs.x86_64.rpm
samba-krb5-printing-4.6.3-4.el7rhgs.x86_64.rpm
samba-libs-4.6.3-4.el7rhgs.x86_64.rpm
samba-python-4.6.3-4.el7rhgs.x86_64.rpm
samba-test-4.6.3-4.el7rhgs.x86_64.rpm
samba-test-libs-4.6.3-4.el7rhgs.x86_64.rpm
samba-vfs-glusterfs-4.6.3-4.el7rhgs.x86_64.rpm
samba-winbind-4.6.3-4.el7rhgs.x86_64.rpm
samba-winbind-clients-4.6.3-4.el7rhgs.x86_64.rpm
samba-winbind-krb5-locator-4.6.3-4.el7rhgs.x86_64.rpm
samba-winbind-modules-4.6.3-4.el7rhgs.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2619
https://access.redhat.com/security/cve/CVE-2017-9461
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgDMRXlSAg2UNWIIRAmx7AJ4/yrWNAzO0L+QSTnhkGBUpBRSE0QCeO4za
WSjthzb7dTXz2qqQ6jWTeS0=
=/JaT
-----END PGP SIGNATURE-----
[RHSA-2017:2299-01] Moderate: NetworkManager and libnl3 security, bug fix and enhancement update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Moderate: NetworkManager and libnl3 security, bug fix and enhancement update Advisory ID: RHSA-2017:2299-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2299 Issue date:2017-08-01 CVE Names: CVE-2017-0553 = 1. Summary: An update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The libnl3 packages contain a convenience library that simplifies using the Linux kernel's Netlink sockets interface for network manipulation. The following packages have been upgraded to a later upstream version: NetworkManager (1.8.0), network-manager-applet (1.8.0). 
(BZ#1413312, BZ#1414103, BZ#1441621) Security Fix(es) in the libnl3 component: * An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1231526 - nmcli slow with large numbers of VLANs 1256822 - [RFE] support ipv6 shared connections 1312359 - activating vlan on virtual device fails with: failed to determine interface name: error determine name for vlan 1344303 - hostnamectl set-hostname over-writes existing resolv.conf entries 1348198 - [RFE] cannot easily change active_slave 1349266 - NetworkManager adds extra options while bonding mode=6, which causes extra warning 1351263 - [review] lr/cli-ask-rh1351263: [RFE] allow passing -a to the end of nmcli command 1360386 - bond slaves of master which is slave of a bridge are sometimes not activated in installer 1367752 - startin team slave when master has invalid json config leads to infinite connecting state 1368353 - [NMCI] [abrt] [faf] NetworkManager: g_object_get_property(): /usr/bin/nmcli killed by 11 1369008 - Once NetworkManager is stopped, the ifcfg files it created via nmtui\cockpit are incompatible with initscripts, since MASTER=UUID instead of MASTER=device_name 1369380 - NetworkManager.service ignores commented 'ONBOOT=no # comment' lines in ifcfg 1369716 - Checkpoint/rollback improvements 1371126 - layer 2-only device is taken down when NetworkManager stops 1371433 - [RFE] Directly instruct NM to avoid controlling and monitoring a 
device. 1376199 - stalled eth1.80 vlan after restart and connection delete 1378418 - vlan device is down and lost ip once stopping NetworkManager 1380165 - [NMCI] just last address specified in novice mode is written into profile 1384937 - [NMCI] team activation timeout with incorrect setup 1386106 - NM fails to detect Red Hat VPN after first login 1388286 - Incorrect MAC address set on em1 after interface renaming 1388613 - [RFE] Allow setting the MTU of mobile broadband connections in NetworkManager 1391170 - nmcli should show output in non-pretty-printed form for parsing 1391477 - [bug] ifcfg-rh plugin fails to re-read valid connection 802-1x connection 1393853 - [NMCI] add team fails after clean install, NM service restart helps 1393997 - nmcli duplicates a connection after a NetworkManager
[RHSA-2017:2292-01] Moderate: gnutls security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2292-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2292
Issue date:        2017-08-01
CVE Names:         CVE-2016-7444 CVE-2017-5334 CVE-2017-5335 CVE-2017-5336
                   CVE-2017-5337 CVE-2017-7507 CVE-2017-7869
=====================================================================

1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373)

Security Fix(es):

* A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with the Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334)

* Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869)

* A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with the status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507)

* A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444)

The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1335931 - gnutls: Disable TLS connections with less than 1024-bit DH parameters
1374266 - CVE-2016-7444 gnutls: Incorrect certificate validation when using OCSP responses (GNUTLS-SA-2016-3)
1375303 - gnutls trusts a certificate whose CA is both explicitly trusted and blacklisted
1375463 - doc update: certtool's manpage does not mention it cannot handle PKCS#11 URLs for certain options
1378373 - RFE: Add functions to set issuer and subject id in x509 certificates
1379283 - gnutls: Support the pin-value attribute in RFC7512 URLs
1379739 - gnutls: do not require trousers
1380642 - Cannot read encrypted PKCS#8 from OpenSSL
1383748 - GnuTLS parses only the first 32 extensions, ignoring the rest
1388932 - gnutls: interoperability issue 3.3.x vs. 3.5.5
1399232 - RFE: p11tool command misses the --id option
1411835 - CVE-2017-5334 gnutls: Double-free while decoding crafted X.509 certificates
1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c
1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate
1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid
1443033 - CVE-2017-7869 gnutls: Out-of-bounds write related to the cdk_pkt_read function (GNUTLS-SA-2017-3)
1454621 - CVE-2017-7507 gnutls: Crash upon receiving well-formed status_request extension

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
gnutls-3.3.26-9.el7.src.rpm

x86_64:
gnutls-3.3.26-9.el7.i686.rpm
gnutls-3.3.26-9.el7.x86_64.rpm
gnutls-dane-3.3.26-9.el7.i686.rpm
gnutls-dane-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
gnutls-debuginfo-3.3.26-9.el7.x86_64.rpm
gnutls-utils-3.3.26-9.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gnutls-c++-3.3.26-9.el7.i686.rpm
gnutls-c++-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
[RHSA-2017:2180-01] Low: ghostscript security and bug fix update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Low: ghostscript security and bug fix update Advisory ID: RHSA-2017:2180-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2180 Issue date:2017-08-01 CVE Names: CVE-2017-7207 = 1. Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process. (CVE-2017-7207) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1411725 - Ghostscript regression, .eps files no longer work 1424752 - ghostscript bug creates high CPU load and hangs 1434353 - CVE-2017-7207 ghostscript: NULL pointer dereference in mem_get_bits_rectangle() 1436273 - ghostscript update cause symbol lookup error 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ghostscript-9.07-28.el7.src.rpm x86_64: ghostscript-9.07-28.el7.i686.rpm ghostscript-9.07-28.el7.x86_64.rpm ghostscript-cups-9.07-28.el7.x86_64.rpm ghostscript-debuginfo-9.07-28.el7.i686.rpm ghostscript-debuginfo-9.07-28.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ghostscript-doc-9.07-28.el7.noarch.rpm x86_64: ghostscript-debuginfo-9.07-28.el7.i686.rpm ghostscript-debuginfo-9.07-28.el7.x86_64.rpm ghostscript-devel-9.07-28.el7.i686.rpm ghostscript-devel-9.07-28.el7.x86_64.rpm ghostscript-gtk-9.07-28.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ghostscript-9.07-28.el7.src.rpm x86_64: ghostscript-9.07-28.el7.i686.rpm ghostscript-9.07-28.el7.x86_64.rpm ghostscript-cups-9.07-28.el7.x86_64.rpm ghostscript-debuginfo-9.07-28.el7.i686.rpm ghostscript-debuginfo-9.07-28.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ghostscript-doc-9.07-28.el7.noarch.rpm x86_64: ghostscript-debuginfo-9.07-28.el7.i686.rpm ghostscript-debuginfo-9.07-28.el7.x86_64.rpm ghostscript-devel-9.07-28.el7.i686.rpm ghostscript-devel-9.07-28.el7.x86_64.rpm ghostscript-gtk-9.07-28.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: ghostscript-9.07-28.el7.src.rpm aarch64: ghostscript-9.07-28.el7.aarch64.rpm ghostscript-cups-9.07-28.el7.aarch64.rpm ghostscript-debuginfo-9.07-28.el7.aarch64.rpm ppc64: ghostscript-9.07-28.el7.ppc.rpm ghostscript-9.07-28.el7.ppc64.rpm ghostscript-cups-9.07-28.el7.ppc64.rpm ghostscript-debuginfo-9.07-28.el7.ppc.rpm ghostscript-debuginfo-9.07-28.el7.ppc64.rpm ppc64le: ghostscript-9.07-28.el7.ppc64le.rpm ghostscript-cups-9.07-28.el7.ppc64le.rpm ghostscript-debuginfo-9.07-28.el7.ppc64le.rpm s390x: ghostscript-9.07-28.el7.s390.rpm ghostscript-9.07-28.el7.s390x.rpm ghostscript-cups-9.07-28.el7.s390x.rpm ghostscript-debuginfo-9.07-28.el7.s390.rpm ghostscript-debuginfo-9.07-28.el7.s390x.rpm x86_64: ghostscript-9.07-28.el7.i686.rpm ghostscript-9.07-28.el7.x86_64.rpm ghostscript-cups-9.07-28.el7.x86_64.rpm ghostscript-debuginfo-9.07-28.el7.i686.rpm ghostscript-debuginfo-9.07-28.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: ghostscript-debuginfo-9.07-28.el7.aarch64.rpm ghostscript-devel-9.07-28.el7.aarch64.rpm ghostscript-gtk-9.07-28.el7.aarch64.rpm noarch: ghostscript-doc-9.07-28.el7.noarch.rpm ppc64: ghostscript-debuginfo-9.07-28.el7.ppc.rpm
[RHSA-2017:2389-01] Important: freeradius security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: freeradius security update
Advisory ID:       RHSA-2017:2389-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2389
Issue date:        2017-08-01
CVE Names:         CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985
                   CVE-2017-10986 CVE-2017-10987
=====================================================================

1. Summary:

An update for freeradius is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* An out-of-bounds write flaw was found in the way the FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10984)

* An out-of-bounds read and write flaw was found in the way the FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)

* An out-of-bounds read flaw was found in the way the FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10983)

* A denial of service flaw was found in the way the FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory, and ultimately crash by sending a specially crafted request packet. (CVE-2017-10985)

* Multiple out-of-bounds read flaws were found in the way the FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10986, CVE-2017-10987)

Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1468487 - CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret()
1468503 - CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
1468549 - CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax()
1468550 - CVE-2017-10985 freeradius: Infinite loop and memory exhaustion with 'concat' attributes
1468551 - CVE-2017-10986 freeradius: Infinite read in dhcp_attr2vp()
1468552 - CVE-2017-10987 freeradius: Buffer over-read in fr_dhcp_decode_suboptions()

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
freeradius-3.0.13-8.el7_4.src.rpm

aarch64:
freeradius-3.0.13-8.el7_4.aarch64.rpm
freeradius-debuginfo-3.0.13-8.el7_4.aarch64.rpm

ppc64:
freeradius-3.0.13-8.el7_4.ppc64.rpm
freeradius-debuginfo-3.0.13-8.el7_4.ppc64.rpm

ppc64le:
freeradius-3.0.13-8.el7_4.ppc64le.rpm
freeradius-debuginfo-3.0.13-8.el7_4.ppc64le.rpm

s390x:
freeradius-3.0.13-8.el7_4.s390x.rpm
freeradius-debuginfo-3.0.13-8.el7_4.s390x.rpm

x86_64:
freeradius-3.0.13-8.el7_4.x86_64.rpm
freeradius-debuginfo-3.0.13-8.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
freeradius-debuginfo-3.0.13-8.el7_4.aarch64.rpm
freeradius-devel-3.0.13-8.el7_4.aarch64.rpm
freeradius-doc-3.0.13-8.el7_4.aarch64.rpm
freeradius-krb5-3.0.13-8.el7_4.aarch64.rpm
freeradius-ldap-3.0.13-8.el7_4.aarch64.rpm
freeradius-mysql-3.0.13-8.el7_4.aarch64.rpm
freeradius-perl-3.0.13-8.el7_4.aarch64.rpm
freeradius-postgresql-3.0.13-8.el7_4.aarch64.rpm
freeradius-python-3.0.13-8.el7_4.aarch64.rpm
freeradius-sqlite-3.0.13-8.el7_4.aarch64.rpm
freeradius-unixODBC-3.0.13-8.el7_4.aarch64.rpm
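The FreeRADIUS flaws above are all decoder bounds problems: attribute lengths trusted without checking them against the remaining packet (out-of-bounds reads and writes), and a 'concat' attribute reassembly that never terminates. As an added example (mine, not FreeRADIUS code), here is a RADIUS packet decoder with the checks that class of bug calls for, following the RFC 2865 header and Type/Length/Value attribute layout and RFC 3579's rule that consecutive EAP-Message attributes are concatenated. The sample packets and the function names are constructed for this illustration.

```python
"""Bounds-checked RADIUS packet decoding.

Added example, not FreeRADIUS code. Checks shown: the 16-bit Length field
against the datagram, each attribute's Length against the 2-byte minimum
and the remaining payload (a length of 0 or 1 would never advance the
cursor), and a capped reassembly of 'concat' attributes. Sample packets are
constructed inline.
"""
import os
import struct

HEADER = struct.Struct("!BBH16s")  # Code, Identifier, Length, Authenticator (RFC 2865 s.3)
MIN_LENGTH, MAX_LENGTH = 20, 4096  # RFC 2865: valid range of the Length field
EAP_MESSAGE = 79                   # RFC 3579: consecutive fragments are concatenated


class RadiusError(ValueError):
    """Raised for any datagram that must be silently discarded."""


def parse_attributes(payload: bytes) -> list:
    """Decode Type/Length/Value triples; Length covers the Type and Length bytes."""
    attrs = []
    offset = 0
    while offset < len(payload):
        if len(payload) - offset < 2:
            raise RadiusError("truncated attribute header at offset %d" % offset)
        attr_type, attr_len = payload[offset], payload[offset + 1]
        if attr_len < 2:
            # Would never advance offset: reject instead of looping forever.
            raise RadiusError("attribute %d has illegal length %d" % (attr_type, attr_len))
        if offset + attr_len > len(payload):
            raise RadiusError("attribute %d length %d overruns payload" % (attr_type, attr_len))
        attrs.append((attr_type, payload[offset + 2:offset + attr_len]))
        offset += attr_len
    return attrs


def concat_fragments(attrs: list, concat_types=frozenset({EAP_MESSAGE}), limit=MAX_LENGTH) -> list:
    """Join consecutive attributes of a concat type, capping the joined size so
    crafted input cannot make the decoder grow a buffer without bound."""
    merged = []
    for attr_type, value in attrs:
        if merged and attr_type in concat_types and merged[-1][0] == attr_type:
            joined = merged[-1][1] + value
            if len(joined) > limit:
                raise RadiusError("concatenated attribute %d exceeds %d bytes" % (attr_type, limit))
            merged[-1] = (attr_type, joined)
        else:
            merged.append((attr_type, value))
    return merged


def parse_packet(data: bytes):
    """Return (code, identifier, authenticator, attributes) or raise RadiusError."""
    if len(data) < MIN_LENGTH:
        raise RadiusError("datagram shorter than the 20-byte header")
    code, ident, length, authenticator = HEADER.unpack_from(data)
    if not MIN_LENGTH <= length <= MAX_LENGTH:
        raise RadiusError("Length field %d out of range" % length)
    if length > len(data):
        raise RadiusError("Length field %d exceeds datagram size %d" % (length, len(data)))
    # Octets past Length are padding and are never parsed.
    attrs = parse_attributes(data[HEADER.size:length])
    return code, ident, authenticator, concat_fragments(attrs)


def build_packet(code: int, ident: int, attrs: list, authenticator: bytes = None) -> bytes:
    """Encode a well-formed packet; used to construct the samples below."""
    body = b"".join(bytes([attr_type, len(value) + 2]) + value for attr_type, value in attrs)
    if authenticator is None:
        authenticator = os.urandom(16)
    return HEADER.pack(code, ident, HEADER.size + len(body), authenticator) + body


def is_rejected(data: bytes) -> bool:
    """True when the decoder discards the datagram."""
    try:
        parse_packet(data)
        return False
    except RadiusError:
        return True


# Constructed samples: a valid Access-Request and three malformed datagrams.
GOOD = build_packet(1, 7, [(1, b"alice"), (4, bytes([10, 0, 0, 1])),
                           (EAP_MESSAGE, b"\x02\x01\x00\x0a\x01hello"), (EAP_MESSAGE, b"more")])
ZERO_LENGTH_ATTR = HEADER.pack(1, 1, 22, bytes(16)) + bytes([1, 0])           # attr length 0
OVERRUN_ATTR = HEADER.pack(1, 1, 24, bytes(16)) + bytes([1, 10, 0x61, 0x62])  # claims 10, has 4
LYING_LENGTH = HEADER.pack(1, 1, 100, bytes(16))                              # Length > datagram

if __name__ == "__main__":
    print(parse_packet(GOOD)[3])
    for sample in (ZERO_LENGTH_ATTR, OVERRUN_ATTR, LYING_LENGTH):
        print(is_rejected(sample))
```

The three malformed samples map onto the bug classes in the advisory: a zero-length attribute is the shape that stalls a decoder loop, an attribute whose Length exceeds the remaining bytes is the over-read, and a Length field larger than the datagram is the case RFC 2865 says to discard silently.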
[RHSA-2017:2388-01] Important: evince security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: evince security update
Advisory ID:       RHSA-2017:2388-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2388
Issue date:        2017-08-01
CVE Names:         CVE-2017-183
=====================================================================

1. Summary:

An update for evince is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also Device Independent File format (DVI) files.

Security Fix(es):

* It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-183)

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 1468488 - CVE-2017-183 evince: command injection via filename in tar-compressed comics archive 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: evince-3.22.1-5.2.el7_4.src.rpm x86_64: evince-3.22.1-5.2.el7_4.x86_64.rpm evince-debuginfo-3.22.1-5.2.el7_4.i686.rpm evince-debuginfo-3.22.1-5.2.el7_4.x86_64.rpm evince-dvi-3.22.1-5.2.el7_4.x86_64.rpm evince-libs-3.22.1-5.2.el7_4.i686.rpm evince-libs-3.22.1-5.2.el7_4.x86_64.rpm evince-nautilus-3.22.1-5.2.el7_4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: evince-browser-plugin-3.22.1-5.2.el7_4.x86_64.rpm evince-debuginfo-3.22.1-5.2.el7_4.i686.rpm evince-debuginfo-3.22.1-5.2.el7_4.x86_64.rpm evince-devel-3.22.1-5.2.el7_4.i686.rpm evince-devel-3.22.1-5.2.el7_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: evince-3.22.1-5.2.el7_4.src.rpm aarch64: evince-3.22.1-5.2.el7_4.aarch64.rpm evince-debuginfo-3.22.1-5.2.el7_4.aarch64.rpm evince-dvi-3.22.1-5.2.el7_4.aarch64.rpm evince-libs-3.22.1-5.2.el7_4.aarch64.rpm evince-nautilus-3.22.1-5.2.el7_4.aarch64.rpm ppc64: evince-3.22.1-5.2.el7_4.ppc64.rpm evince-debuginfo-3.22.1-5.2.el7_4.ppc.rpm evince-debuginfo-3.22.1-5.2.el7_4.ppc64.rpm evince-dvi-3.22.1-5.2.el7_4.ppc64.rpm evince-libs-3.22.1-5.2.el7_4.ppc.rpm evince-libs-3.22.1-5.2.el7_4.ppc64.rpm evince-nautilus-3.22.1-5.2.el7_4.ppc64.rpm ppc64le: evince-3.22.1-5.2.el7_4.ppc64le.rpm evince-debuginfo-3.22.1-5.2.el7_4.ppc64le.rpm evince-dvi-3.22.1-5.2.el7_4.ppc64le.rpm evince-libs-3.22.1-5.2.el7_4.ppc64le.rpm evince-nautilus-3.22.1-5.2.el7_4.ppc64le.rpm s390x: evince-3.22.1-5.2.el7_4.s390x.rpm evince-debuginfo-3.22.1-5.2.el7_4.s390.rpm evince-debuginfo-3.22.1-5.2.el7_4.s390x.rpm evince-dvi-3.22.1-5.2.el7_4.s390x.rpm evince-libs-3.22.1-5.2.el7_4.s390.rpm evince-libs-3.22.1-5.2.el7_4.s390x.rpm evince-nautilus-3.22.1-5.2.el7_4.s390x.rpm x86_64: evince-3.22.1-5.2.el7_4.x86_64.rpm evince-debuginfo-3.22.1-5.2.el7_4.i686.rpm 
evince-debuginfo-3.22.1-5.2.el7_4.x86_64.rpm evince-dvi-3.22.1-5.2.el7_4.x86_64.rpm evince-libs-3.22.1-5.2.el7_4.i686.rpm evince-libs-3.22.1-5.2.el7_4.x86_64.rpm evince-nautilus-3.22.1-5.2.el7_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: evince-browser-plugin-3.22.1-5.2.el7_4.aarch64.rpm evince-debuginfo-3.22.1-5.2.el7_4.aarch64.rpm evince-devel-3.22.1-5.2.el7_4.aarch64.rpm ppc64: evince-browser-plugin-3.22.1-5.2.el7_4.ppc64.rpm evince-debuginfo-3.22.1-5.2.el7_4.ppc.rpm evince-debuginfo-3.22.1-5.2.el7_4.ppc64.rpm evince-devel-3.22.1-5.2.el7_4.ppc.rpm evince-devel-3.22.1-5.2.el7_4.ppc64.rpm ppc64le: evince-browser-plugin-3.22.1-5.2.el7_4.ppc64le.rpm evince-debuginfo-3.22.1-5.2.el7_4.ppc64le.rpm evince-devel-3.22.1-5.2.el7_4.ppc64le.rpm s390x: evince-browser-plugin-3.22.1-5.2.el7_4.s390x.rpm
[RHSA-2017:2247-01] Low: tomcat security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Low: tomcat security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2247-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2247
Issue date: 2017-08-01
CVE Names: CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797

1. Summary:

An update for tomcat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

The following packages have been upgraded to a later upstream version: tomcat (7.0.76). (BZ#1414895)

Security Fix(es):

* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)

* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)

* It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)

* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)

* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources
1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters
1390520 - CVE-2016-6794 tomcat: system property disclosure
1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function
1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation
1411738 - Please update tomcat to >= 7.0.70 to fix ASF Bugzilla – Bug 59619
1414895 - Rebase tomcat to the current release

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
tomcat-7.0.76-2.el7.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.76-2.el7.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
tomcat-7.0.76-2.el7.noarch.rpm
tomcat-admin-webapps-7.0.76-2.el7.noarch.rpm
tomcat-docs-webapp-7.0.76-2.el7.noarch.rpm
tomcat-el-2.2-api-7.0.76-2.el7.noarch.rpm
tomcat-javadoc-7.0.76-2.el7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-2.el7.noarch.rpm
tomcat-jsvc-7.0.76-2.el7.noarch.rpm
tomcat-lib-7.0.76-2.el7.noarch.rpm
tomcat-webapps-7.0.76-2.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
tomcat-7.0.76-2.el7.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.76-2.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
tomcat-7.0.76-2.el7.noarch.rpm
tomcat-admin-webapps-7.0.76-2.el7.noarch.rpm
tomcat-docs-webapp-7.0.76-2.el7.noarch.rpm
tomcat-el-2.2-api-7.0.76-2.el7.noarch.rpm
tomcat-javadoc-7.0.76-2.el7.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-2.el7.noarch.rpm
tomcat-jsvc-7.0.76-2.el7.noarch.rpm
tomcat-lib-7.0.76-2.el7.noarch.rpm
tomcat-webapps-7.0.76-2.el7.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
tomcat-7.0.76-2.el7.src.rpm

noarch:
tomcat-7.0.76-2.el7.noarch.rpm
tomcat-admin-webapps-7.0.76-2.el7.noarch.rpm
tomcat-el-2.2-api-7.0.76-2.el7.noarch.rpm
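The Realm timing issue in the tomcat advisory above (CVE-2016-0762: no password work is done when the user name is unknown, so the response time reveals which names exist) and the usual fix for that class of bug, as an added Python example that is not Tomcat's code. The in-memory user table, user names and passwords are constructed; the fix is to verify against a dummy hash on the unknown-user path so both failure paths cost the same.

```python
"""Timing-safe credential check, illustrating the CVE-2016-0762 class of bug.

Added example, not Tomcat code. The vulnerable realm returns early when the
user name is unknown, so an unknown name is rejected far faster than a known
name with a wrong password. The fixed realm always runs the password
verification (against a dummy hash when the user is unknown), so the two
failure paths take the same time. All users and passwords are constructed.
"""
import hashlib
import hmac
import os
import time
from typing import Callable, Optional

# PBKDF2 parameters; deliberately expensive so the timing gap is visible.
ITERATIONS = 50_000
SALT_LEN = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(password, salt)."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash and compare it in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


# Constructed user database: user name -> stored hash.
USERS = {"alice": hash_password("correct horse battery staple")}

# A hash that is never a real credential. The fixed realm verifies against it
# when the user name is unknown, so the amount of work done is identical.
DUMMY_HASH = hash_password(os.urandom(16).hex())


def authenticate_vulnerable(username: str, password: str) -> bool:
    """Early return on unknown user: leaks name validity through timing."""
    stored = USERS.get(username)
    if stored is None:
        return False  # no PBKDF2 work at all on this path
    return verify_password(password, stored)


def authenticate_fixed(username: str, password: str) -> bool:
    """Always performs exactly one PBKDF2 run, whether or not the user exists."""
    stored = USERS.get(username)
    if stored is None:
        verify_password(password, DUMMY_HASH)  # burn the same time, then reject
        return False
    return verify_password(password, stored)


def timing_ratio(authenticate: Callable[[str, str], bool], rounds: int = 5) -> float:
    """Median time for (known user, wrong password) divided by the median time
    for (unknown user). A ratio near 1.0 means the realm does not leak which
    user names exist; a large ratio means it does."""
    def median(fn: Callable[[], bool]) -> float:
        samples = []
        for _ in range(rounds):
            t0 = time.perf_counter()
            fn()
            samples.append(time.perf_counter() - t0)
        samples.sort()
        return samples[len(samples) // 2]

    known = median(lambda: authenticate("alice", "wrong password"))
    unknown = median(lambda: authenticate("mallory", "wrong password"))
    return known / unknown


if __name__ == "__main__":
    print("vulnerable realm, known/unknown time ratio:",
          round(timing_ratio(authenticate_vulnerable), 1))
    print("fixed realm, known/unknown time ratio:",
          round(timing_ratio(authenticate_fixed), 1))
```

The ratio for the vulnerable realm is in the hundreds or thousands on ordinary hardware, while the fixed realm stays close to 1.0; as the advisory notes, LockOutRealm only rate-limits the measurement, it does not remove the signal.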
[RHSA-2017:2390-01] Moderate: qemu-kvm-rhev security update
Red Hat Security Advisory

Synopsis: Moderate: qemu-kvm-rhev security update
Advisory ID: RHSA-2017:2390-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2390
Issue date: 2017-08-01
CVE Names: CVE-2017-10664

1. Summary:

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Managment Agent for RHEL 7 Hosts - ppc64le, x86_64
RHEV-H and VDSM for 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS. (CVE-2017-10664)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1466190 - CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
1471076 - unbreak virtio-scsi for vIOMMU
1473145 - Wrong allocation value after virDomainBlockCopy() (alloc=capacity)

6. Package List:

Managment Agent for RHEL 7 Hosts:

Source:
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm

ppc64le:
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm

x86_64:
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm

RHEV-H and VDSM for 7 Hosts:

Source:
qemu-kvm-rhev-2.9.0-16.el7_4.3.src.rpm

ppc64le:
qemu-img-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.ppc64le.rpm

x86_64:
qemu-img-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.3.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-10664
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
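The qemu-nbd failure mode in the advisory above (CVE-2017-10664: a client aborting during negotiation leaves the server writing to a dead socket, and the resulting SIGPIPE kills the whole process) and the defensive pattern against it, as an added Python example that is not QEMU's code. The socket pair and the reply bytes are constructed; the point is that a peer going away must be a per-connection error, never a process-wide signal.

```python
"""Added example (not QEMU code): server-side writes that survive a client abort.

Writing to a socket whose peer has already closed raises SIGPIPE, whose default
action terminates the process: one aborted client takes the whole server down.
Two layers of defence: keep SIGPIPE from being delivered (SIG_IGN and/or
MSG_NOSIGNAL on the send), and treat EPIPE/ECONNRESET as "this client is gone".
"""
import signal
import socket
from typing import Tuple

# Constructed placeholder for a negotiation reply; the bytes do not matter.
REPLY = b"export list: placeholder\n"

# MSG_NOSIGNAL is Linux-only; elsewhere fall back to relying on ignore_sigpipe().
_SEND_FLAGS = getattr(socket, "MSG_NOSIGNAL", 0)


def ignore_sigpipe() -> None:
    """Make a broken pipe surface as an error in the writer instead of killing
    the process. CPython already installs SIG_IGN for SIGPIPE at startup, so
    this is a no-op there; a C daemon has to do it explicitly. Must be called
    from the main thread."""
    signal.signal(signal.SIGPIPE, signal.SIG_IGN)


def send_reply(conn: socket.socket, data: bytes) -> bool:
    """Send one reply. Returns False (and closes the connection) if the client
    has gone away; the server loop can then move on to the next client."""
    try:
        conn.sendall(data, _SEND_FLAGS)
        return True
    except (BrokenPipeError, ConnectionResetError):
        conn.close()
        return False


def serve_until_client_abort(max_replies: int = 100) -> Tuple[int, bool]:
    """Simulate a negotiation in which the client aborts after the first reply.

    Returns (replies_delivered, abort_detected). Reaching the return at all
    shows the process was not killed by SIGPIPE."""
    server_side, client_side = socket.socketpair()  # constructed connection
    delivered = 0
    abort_detected = False
    try:
        for i in range(max_replies):
            if i == 1:
                client_side.close()  # the client aborts mid-negotiation
            if not send_reply(server_side, REPLY):
                abort_detected = True
                break
            delivered += 1
    finally:
        server_side.close()
    return delivered, abort_detected


if __name__ == "__main__":
    ignore_sigpipe()
    print(serve_until_client_abort())  # e.g. (1, True): server kept running
```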
[RHSA-2017:2392-01] Important: qemu-kvm-rhev security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2392-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2392
Issue date: 2017-08-01
CVE Names: CVE-2016-10155 CVE-2016-4020 CVE-2016-6835 CVE-2016-6888 CVE-2016-7422 CVE-2016-7466 CVE-2016-8576 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2630 CVE-2017-5579 CVE-2017-5898 CVE-2017-5973 CVE-2017-9310 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375

1. Summary:

An update for qemu-kvm-rhev is now available for RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Managment Agent for RHEL 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

The following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.9.0). (BZ#1387372, BZ#1387600, BZ#1400962)

Security Fix(es):

* A stack buffer overflow flaw was found in the Quick Emulator (QEMU) built with the Network Block Device (NBD) client support. The flaw could occur while processing the server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on the client host with the privileges of the QEMU process. (CVE-2017-2630)

* An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)

* An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)

* A memory-leak flaw was found in the Quick Emulator (QEMU) built with USB xHCI controller emulation support. The flaw could occur while doing a USB-device unplug operation. Unplugging the device repeatedly resulted in leaking host memory, affecting other services on the host. A privileged user inside the guest could exploit this flaw to cause a denial of service on the host or potentially crash the host's QEMU process instance. (CVE-2016-7466)

* Multiple CVEs (CVE-2016-10155, CVE-2016-4020, CVE-2016-6835, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-2630, CVE-2017-5579, CVE-2017-5898, CVE-2017-5973, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375) were fixed as a result of the rebase to QEMU version 2.9.0.

Red Hat would like to thank Li Qiang (Qihoo 360 Inc.) for reporting CVE-2016-6835 and CVE-2016-6888; Li Qiang (360.cn Inc.) for reporting CVE-2017-5898, CVE-2016-7466, CVE-2016-10155, CVE-2017-5579, and CVE-2017-5973; Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020; Qinghao Tang (Marvel Team 360.cn Inc.) and Zhenhao Hong (Marvel Team 360.cn Inc.) for reporting CVE-2016-7422; PSIRT (Huawei Inc.) for reporting CVE-2016-8669; Andrew Henderson (Intelligent Automation Inc.) for reporting CVE-2016-8910; Qinghao Tang (Qihoo 360), Li Qiang (Qihoo 360), and Jiangxin (Huawei Inc.) for reporting CVE-2016-9921 and CVE-2016-9922; and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, and CVE-2017-9375.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed
[RHSA-2017:2128-01] Moderate: gdm and gnome-session security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Moderate: gdm and gnome-session security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2128-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2128
Issue date: 2017-08-01
CVE Names: CVE-2015-7496

1. Summary:

An update for gdm and gnome-session is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The GNOME Display Manager (GDM) provides the graphical login screen shown shortly after boot up, log out, and when user-switching.

The following packages have been upgraded to a later upstream version: gdm (3.22.3), gnome-session (3.22.3). (BZ#1386862, BZ#1386957)

Security Fix(es):

* It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen. (CVE-2015-7496)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

GDM must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1273156 - GDM does not work with XDMCP indirect
1283279 - CVE-2015-7496 gdm: Crash when holding Escape in log screen
1373837 - gdm not starting because of error in config
1386862 - rebase gdm to 3.22.x
1386957 - rebase gnome-session to 3.22.x
1392970 - gnome-session-failed segfaults on hard GDM service stop
1448209 - Locked screen does not show a message to insert the smartcard when smartcard is removed
1449632 - Fuzzy translations in de, es, fr, it, ja, ko, pt_BR, ru, zh_CN, zh_TW

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
gdm-3.22.3-11.el7.src.rpm
gnome-session-3.22.3-4.el7.src.rpm

x86_64:
gdm-3.22.3-11.el7.i686.rpm
gdm-3.22.3-11.el7.x86_64.rpm
gdm-debuginfo-3.22.3-11.el7.i686.rpm
gdm-debuginfo-3.22.3-11.el7.x86_64.rpm
gnome-session-3.22.3-4.el7.x86_64.rpm
gnome-session-debuginfo-3.22.3-4.el7.x86_64.rpm
gnome-session-xsession-3.22.3-4.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gdm-debuginfo-3.22.3-11.el7.i686.rpm
gdm-debuginfo-3.22.3-11.el7.x86_64.rpm
gdm-devel-3.22.3-11.el7.i686.rpm
gdm-devel-3.22.3-11.el7.x86_64.rpm
gnome-session-custom-session-3.22.3-4.el7.x86_64.rpm
gnome-session-debuginfo-3.22.3-4.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
gdm-3.22.3-11.el7.src.rpm
gnome-session-3.22.3-4.el7.src.rpm

x86_64:
gdm-3.22.3-11.el7.i686.rpm
gdm-3.22.3-11.el7.x86_64.rpm
gdm-debuginfo-3.22.3-11.el7.i686.rpm
gdm-debuginfo-3.22.3-11.el7.x86_64.rpm
gdm-devel-3.22.3-11.el7.i686.rpm
gdm-devel-3.22.3-11.el7.x86_64.rpm
gnome-session-3.22.3-4.el7.x86_64.rpm
gnome-session-custom-session-3.22.3-4.el7.x86_64.rpm
gnome-session-debuginfo-3.22.3-4.el7.x86_64.rpm
gnome-session-xsession-3.22.3-4.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gdm-3.22.3-11.el7.src.rpm
gnome-session-3.22.3-4.el7.src.rpm

aarch64:
gdm-3.22.3-11.el7.aarch64.rpm
gdm-debuginfo-3.22.3-11.el7.aarch64.rpm
gnome-session-3.22.3-4.el7.aarch64.rpm
gnome-session-debuginfo-3.22.3-4.el7.aarch64.rpm
gnome-session-xsession-3.22.3-4.el7.aarch64.rpm

ppc64:
gdm-3.22.3-11.el7.ppc.rpm
gdm-3.22.3-11.el7.ppc64.rpm
gdm-debuginfo-3.22.3-11.el7.ppc.rpm
gdm-debuginfo-3.22.3-11.el7.ppc64.rpm
gnome-session-3.22.3-4.el7.ppc64.rpm
gnome-session-debuginfo-3.22.3-4.el7.ppc64.rpm
gnome-session-xsession-3.22.3-4.el7.ppc64.rpm

ppc64le:
gdm-3.22.3-11.el7.ppc64le.rpm
gdm-debuginfo-3.22.3-11.el7.ppc64le.rpm
gnome-session-3.22.3-4.el7.ppc64le.rpm
gnome-session-debuginfo-3.22.3-4.el7.ppc64le.rpm
gnome-session-xsession-3.22.3-4.el7.ppc64le.rpm

s390x:
gdm-3.22.3-11.el7.s390.rpm
gdm-3.22.3-11.el7.s390x.rpm
gdm-debuginfo-3.22.3-11.el7.s390.rpm
[RHSA-2017:2412-01] Important: kernel security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:2412-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2412
Issue date: 2017-08-02
CVE Names: CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 5 ELS) - i386, noarch, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* When upgrading to a kernel with the fix for the stack guard flaw, a crash could occur in Java Virtual Machine (JVM) environments, which attempted to implement their own stack guard page. With this update, the underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the crash in JVM no longer occurs under the described circumstances. (BZ#1467938)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

6. Package List:

Red Hat Enterprise Linux Server (v. 5 ELS):

Source:
kernel-2.6.18-422.el5.src.rpm

i386:
kernel-2.6.18-422.el5.i686.rpm
kernel-PAE-2.6.18-422.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-422.el5.i686.rpm
kernel-PAE-devel-2.6.18-422.el5.i686.rpm
kernel-debug-2.6.18-422.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-422.el5.i686.rpm
kernel-debug-devel-2.6.18-422.el5.i686.rpm
kernel-debuginfo-2.6.18-422.el5.i686.rpm
kernel-debuginfo-common-2.6.18-422.el5.i686.rpm
kernel-devel-2.6.18-422.el5.i686.rpm
kernel-headers-2.6.18-422.el5.i386.rpm
kernel-xen-2.6.18-422.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-422.el5.i686.rpm
kernel-xen-devel-2.6.18-422.el5.i686.rpm

noarch:
kernel-doc-2.6.18-422.el5.noarch.rpm

s390x:
kernel-2.6.18-422.el5.s390x.rpm
kernel-debug-2.6.18-422.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-422.el5.s390x.rpm
kernel-debug-devel-2.6.18-422.el5.s390x.rpm
kernel-debuginfo-2.6.18-422.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-422.el5.s390x.rpm
kernel-devel-2.6.18-422.el5.s390x.rpm
kernel-headers-2.6.18-422.el5.s390x.rpm
kernel-kdump-2.6.18-422.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-422.el5.s390x.rpm
kernel-kdump-devel-2.6.18-422.el5.s390x.rpm

x86_64:
kernel-2.6.18-422.el5.x86_64.rpm
kernel-debug-2.6.18-422.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-422.el5.x86_64.rpm
kernel-debug-devel-2.6.18-422.el5.x86_64.rpm
kernel-debuginfo-2.6.18-422.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-422.el5.x86_64.rpm
kernel-devel-2.6.18-422.el5.x86_64.rpm
kernel-headers-2.6.18-422.el5.x86_64.rpm
kernel-xen-2.6.18-422.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-422.el5.x86_64.rpm
kernel-xen-devel-2.6.18-422.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7895
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:2000-01] Moderate: tigervnc and fltk security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Moderate: tigervnc and fltk security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2000-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2000
Issue date: 2017-08-01
CVE Names: CVE-2016-10207 CVE-2017-5581 CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396

1. Summary:

An update for tigervnc and fltk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients which allows users to connect to other desktops running a VNC server.

FLTK (pronounced "fulltick") is a cross-platform C++ GUI toolkit. It provides modern GUI functionality without the bloat, and supports 3D graphics via OpenGL and its built-in GLUT emulation.

The following packages have been upgraded to a later upstream version: tigervnc (1.8.0), fltk (1.3.4). (BZ#1388620, BZ#1413598)

Security Fix(es):

* A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207)

* A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. (CVE-2017-7393)

* A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. (CVE-2017-7394)

* An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. (CVE-2017-7395)

* A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581)

* A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7392)

* A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7396)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1343899 - Disabling vncconfig window
1358090 - shared memory leakage in vncviewer
1388620 - [REBASE] Tigervnc from 1.3 to 1.8
1393971 - [RFE] systemd unit for Xvnc (not vncserver)
1410164 - tigervnc-server fails to remove /tmp files if not gracefully shut down
1413598 - [REBASE] Update fltk to 1.3.4 for tigervnc
1415547 - Rebuilding tigervnc SRPM stops at applying Patch101
1415712 -
[RHSA-2017:1983-01] Moderate: postgresql security and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security and enhancement update
Advisory ID:       RHSA-2017:1983-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1983
Issue date:        2017-08-01
CVE Names:         CVE-2017-7484 CVE-2017-7486
=====================================================================

1. Summary:

An update for postgresql is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.2.21). (BZ#1449706)

Security Fix(es):

* It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484)

* It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; and Andrew Wheelwright as the original reporter of CVE-2017-7486.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1305979 - feature request: include libpgport.a in postgresql-devel (or its dynamic version somewhere)
1448078 - CVE-2017-7484 postgresql: Selectivity estimators bypass SELECT privilege checks
1448089 - CVE-2017-7486 postgresql: pg_user_mappings view discloses foreign server passwords

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
postgresql-9.2.21-1.el7.src.rpm

x86_64:
postgresql-debuginfo-9.2.21-1.el7.i686.rpm
postgresql-debuginfo-9.2.21-1.el7.x86_64.rpm
postgresql-libs-9.2.21-1.el7.i686.rpm
postgresql-libs-9.2.21-1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
postgresql-9.2.21-1.el7.i686.rpm
postgresql-9.2.21-1.el7.x86_64.rpm
postgresql-contrib-9.2.21-1.el7.x86_64.rpm
postgresql-debuginfo-9.2.21-1.el7.i686.rpm
postgresql-debuginfo-9.2.21-1.el7.x86_64.rpm
postgresql-devel-9.2.21-1.el7.i686.rpm
postgresql-devel-9.2.21-1.el7.x86_64.rpm
postgresql-docs-9.2.21-1.el7.x86_64.rpm
postgresql-plperl-9.2.21-1.el7.x86_64.rpm
postgresql-plpython-9.2.21-1.el7.x86_64.rpm
postgresql-pltcl-9.2.21-1.el7.x86_64.rpm
postgresql-server-9.2.21-1.el7.x86_64.rpm
postgresql-static-9.2.21-1.el7.i686.rpm
postgresql-static-9.2.21-1.el7.x86_64.rpm
postgresql-test-9.2.21-1.el7.x86_64.rpm
postgresql-upgrade-9.2.21-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
postgresql-9.2.21-1.el7.src.rpm

x86_64:
postgresql-9.2.21-1.el7.x86_64.rpm
postgresql-debuginfo-9.2.21-1.el7.i686.rpm
postgresql-debuginfo-9.2.21-1.el7.x86_64.rpm
postgresql-libs-9.2.21-1.el7.i686.rpm
postgresql-libs-9.2.21-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
postgresql-9.2.21-1.el7.i686.rpm
postgresql-contrib-9.2.21-1.el7.x86_64.rpm
postgresql-debuginfo-9.2.21-1.el7.i686.rpm
postgresql-debuginfo-9.2.21-1.el7.x86_64.rpm
postgresql-devel-9.2.21-1.el7.i686.rpm
postgresql-devel-9.2.21-1.el7.x86_64.rpm
postgresql-docs-9.2.21-1.el7.x86_64.rpm
postgresql-plperl-9.2.21-1.el7.x86_64.rpm
[RHSA-2017:1854-01] Moderate: pidgin security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pidgin security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1854-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1854
Issue date:        2017-08-01
CVE Names:         CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 CVE-2017-2640
=====================================================================

1. Summary:

An update for pidgin is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

The following packages have been upgraded to a later upstream version: pidgin (2.10.11). (BZ#1369526)

Security Fix(es):

* A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgin by sending a specially crafted emoticon. (CVE-2014-3695)

* A denial of service flaw was found in the way Pidgin parsed Groupwise server messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to cause Pidgin to consume an excessive amount of memory, possibly leading to a crash, by sending a specially crafted message. (CVE-2014-3696)

* An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message. (CVE-2014-3698)

* An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. (CVE-2017-2640)

* It was found that Pidgin's SSL/TLS plug-ins had a flaw in the certificate validation functionality. An attacker could use this flaw to create a fake certificate that Pidgin would trust, which could be used to conduct man-in-the-middle attacks against Pidgin. (CVE-2014-3694)

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Yves Younan (Cisco Talos) and Richard Johnson (Cisco Talos) as the original reporters of CVE-2014-3695 and CVE-2014-3696; Thijs Alkemade and Paul Aurich as the original reporters of CVE-2014-3698; and Jacob Appelbaum and Moxie Marlinspike as the original reporters of CVE-2014-3694.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Pidgin must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1154908 - CVE-2014-3694 pidgin: SSL/TLS plug-ins failed to check Basic Constraints
1154909 - CVE-2014-3695 pidgin: crash in Mxit protocol plug-in
1154910 - CVE-2014-3696 pidgin: denial of service parsing Groupwise server message
1154911 - CVE-2014-3698 pidgin: remote information leak via crafted XMPP message
1369526 - Rebase pidgin to a newer upstream release
1430019 - CVE-2017-2640 pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML
1439296 - Disable MXit
1445921 - jingle_rtp_initiate_media: 'resource' is used after being freed in an error path
1446368 - Silence -Wsign-compare

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
pidgin-2.10.11-5.el7.src.rpm

x86_64:
libpurple-2.10.11-5.el7.i686.rpm
libpurple-2.10.11-5.el7.x86_64.rpm
pidgin-2.10.11-5.el7.x86_64.rpm
pidgin-debuginfo-2.10.11-5.el7.i686.rpm
pidgin-debuginfo-2.10.11-5.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
finch-2.10.11-5.el7.i686.rpm
finch-2.10.11-5.el7.x86_64.rpm
finch-devel-2.10.11-5.el7.i686.rpm
finch-devel-2.10.11-5.el7.x86_64.rpm
[RHSA-2017:1868-01] Moderate: python security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python security and bug fix update
Advisory ID:       RHSA-2017:1868-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1868
Issue date:        2017-08-01
CVE Names:         CVE-2014-9365
=====================================================================

1. Summary:

An update for python is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)

Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1173041 - CVE-2014-9365 python: failure to validate certificates in the HTTP client with TLS (PEP 476)
1272562 - Memory leaks found by unit tests
1297522 - Undefined python_provide causes silently missing provides
1333064 - /CoreOS/python/Sanity/gdb test is failing on s390x
136 - Python fails to decode X.509 cert with GEN_RID subject alt name
1368076 - threading wait(timeout) doesn't return after timeout if system clock is set backward
1373363 - Incorrect parsing of regular expressions
1432003 - After logrotate , dynamic looping call gets 'ValueError: I/O operation on closed file' on self.stream.flush() in /usr/lib64/python2.7/logging/handlers.py
1439734 - Backport fix for shutil.make_archive doesn't archive empty directories

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
python-2.7.5-58.el7.src.rpm

x86_64:
python-2.7.5-58.el7.x86_64.rpm
python-debuginfo-2.7.5-58.el7.i686.rpm
python-debuginfo-2.7.5-58.el7.x86_64.rpm
python-libs-2.7.5-58.el7.i686.rpm
python-libs-2.7.5-58.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
python-debug-2.7.5-58.el7.x86_64.rpm
python-debuginfo-2.7.5-58.el7.x86_64.rpm
python-devel-2.7.5-58.el7.x86_64.rpm
python-test-2.7.5-58.el7.x86_64.rpm
python-tools-2.7.5-58.el7.x86_64.rpm
tkinter-2.7.5-58.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
python-2.7.5-58.el7.src.rpm

x86_64:
python-2.7.5-58.el7.x86_64.rpm
python-debuginfo-2.7.5-58.el7.i686.rpm
python-debuginfo-2.7.5-58.el7.x86_64.rpm
python-devel-2.7.5-58.el7.x86_64.rpm
python-libs-2.7.5-58.el7.i686.rpm
python-libs-2.7.5-58.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
python-debug-2.7.5-58.el7.x86_64.rpm
python-debuginfo-2.7.5-58.el7.x86_64.rpm
python-test-2.7.5-58.el7.x86_64.rpm
python-tools-2.7.5-58.el7.x86_64.rpm
tkinter-2.7.5-58.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
python-2.7.5-58.el7.src.rpm

aarch64:
python-2.7.5-58.el7.aarch64.rpm
python-debuginfo-2.7.5-58.el7.aarch64.rpm
python-devel-2.7.5-58.el7.aarch64.rpm
python-libs-2.7.5-58.el7.aarch64.rpm

ppc64:
python-2.7.5-58.el7.ppc64.rpm
python-debuginfo-2.7.5-58.el7.ppc.rpm
python-debuginfo-2.7.5-58.el7.ppc64.rpm
python-devel-2.7.5-58.el7.ppc64.rpm
python-libs-2.7.5-58.el7.ppc.rpm
python-libs-2.7.5-58.el7.ppc64.rpm

ppc64le:
python-2.7.5-58.el7.ppc64le.rpm
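The PEP 476 change this advisory backports is easy to verify from inside the interpreter, and easy to undo by accident (a script that swaps in ssl._create_unverified_context silently reintroduces CVE-2014-9365). The following is an added example, not code from the advisory or from the Python project: it reports whether the process-wide default HTTPS context that urllib and http.client use actually verifies the chain and the host name, and pins a verifying context to a request so the policy does not depend on the process default. The TLS 1.2 floor and the optional CA file are assumptions for the demonstration.

```python
"""Show whether this interpreter's stdlib HTTPS clients verify server certificates.

Added example, not part of the advisory. urllib and http.client build their
SSLContext through ssl._create_default_https_context; the PEP 476 change this
update backports points that name at ssl.create_default_context (CERT_REQUIRED
plus host-name checking) instead of an unverified context. The TLS floor and
CA file below are assumptions for the demonstration.
"""
import ssl
import urllib.request


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """A context only stops a man-in-the-middle if it demands a trusted chain
    AND checks that the leaf certificate matches the requested host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def default_https_context_is_verified() -> bool:
    """What urllib.request.urlopen('https://...') gets when no context is passed."""
    return context_verifies(ssl._create_default_https_context())


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the two settings that matter for MITM resistance."""
    return {"verify_mode": ctx.verify_mode.name, "check_hostname": bool(ctx.check_hostname)}


def verified_context(cafile: str = None) -> ssl.SSLContext:
    """Explicit verifying context; pass cafile for a private CA instead of disabling checks."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: nothing older is acceptable
    return ctx


def unverified_context() -> ssl.SSLContext:
    """The opt-out PEP 476 documents. Included only to make the contrast testable;
    this is the pre-update behaviour the advisory fixes."""
    return ssl._create_unverified_context()


def fetch(url: str, ctx: ssl.SSLContext, timeout: float = 10.0) -> bytes:
    """Pin the verification policy to the call instead of trusting the process default."""
    if not context_verifies(ctx):
        raise ValueError("refusing to use a context that does not verify the server")
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    print("process default:  ", describe(ssl._create_default_https_context()))
    print("explicit verified:", describe(verified_context()))
    print("PEP 476 opt-out:  ", describe(unverified_context()))
```

Run it under the interpreter you are auditing; a process default that reports CERT_NONE or check_hostname False means either an unpatched stdlib or code that has monkeypatched the default, and in both cases every HTTPS call made without an explicit context is exposed to the attack the advisory describes.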
[RHSA-2017:2060-01] Moderate: GStreamer security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: GStreamer security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2060-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2060
Issue date:        2017-08-01
CVE Names:         CVE-2016-10198 CVE-2016-10199 CVE-2016-9446 CVE-2016-9810 CVE-2016-9811 CVE-2017-5837 CVE-2017-5838 CVE-2017-5839 CVE-2017-5840 CVE-2017-5841 CVE-2017-5842 CVE-2017-5843 CVE-2017-5844 CVE-2017-5845 CVE-2017-5848
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

GStreamer is a streaming media framework based on graphs of filters which operate on media data.

The following packages have been upgraded to a later upstream version: clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es):

* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1265905 - FAIL: libs/libsabi on ppc64/ppc64le
1386833 - rebase clutter-gst2 to 2.0.18
1386968 - rebase gnome-video-effects to 0.4.2
1397063 - CVE-2016-9446 gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak
1401913 - CVE-2016-9810 gstreamer: Invalid memory read in g_type_check_instance_is_fundamentally_a
1401918 - CVE-2016-9811 gstreamer: Out of bounds heap read in windows_icon_typefind
1406039 - Installed (but unpackaged) file(s) found
1419558 - CVE-2016-10198 gstreamer-plugins-good: Invalid memory read in gst_aac_parse_sink_setcaps
1419580 - CVE-2016-10199 gstreamer-plugins-good: Out of bounds read in qtdemux_tag_add_str_full
1419582 - CVE-2017-5845 gstreamer-plugins-good: Invalid memory read in gst_avi_demux_parse_ncdt
1419583 - CVE-2017-5848 gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm
1419584 - CVE-2017-5837 gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
1419586 - CVE-2017-5839 gstreamer-plugins-base: Stack overflow in gst_riff_create_audio_caps
1419587 - CVE-2017-5838 gstreamer: Out-of-bounds read in gst_date_time_new_from_iso8601_string()
1419588 - CVE-2017-5840 gstreamer-plugins-good: Out of bounds heap read in qtdemux_parse_samples
1419589 - CVE-2017-5841 gstreamer-plugins-good: Heap out-of-bounds read in gst_avi_demux_parse_ncdt
1419591 - CVE-2017-5842 gstreamer-plugins-base: Out-of-bounds heap read in html_context_handle_element
1419592 - CVE-2017-5843 gstreamer-plugins-bad-free: Use after free in gst_mini_object_unref / gst_tag_list_unref / gst_mxf_demux_update_essence_tracks
1419600 - CVE-2017-5844 gstreamer-plugins-base: Floating point exception in gst_riff_create_audio_caps
1420650 - rebase gstreamer1 to 1.10
1428918 - Update to gst-plugins-base 1.10.x
1429577 - Rebase gstreamer1-plugins-good to 1.10.x
1429587 - Rebase gstreamer1-plugins-bad-free to 1.10.x
1430051 - rebase orc to 0.4.26

6. Package List:

Red Hat Enterprise Linux Client
[RHSA-2017:1859-01] Moderate: golang security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: golang security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1859-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1859
Issue date:        2017-08-01
CVE Names:         CVE-2017-8932
=====================================================================

1. Summary:

An update for golang is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a later upstream version: golang (1.8.3). (BZ#1414500)

Security Fix(es):

* A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private keys when static ECDH was used. (CVE-2017-8932)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1381593 - runtime: backport 'fix nanotime for macOS Sierra, again' to go 1.6.x
1405587 - build golang for ppc64le and s390x
1444122 - codegen bug for uint64 type on s390x
1452241 - All golang versions prior to 1.9 do not support OIDs that require more than 28 bits
1452616 - golang 1.8 performance regression in net/http affecting kubernetes scale
1455189 - CVE-2017-8932 golang: Elliptic curves carry propagation issue in x86-64 P-256

6. Package List:

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
golang-1.8.3-1.el7.src.rpm

aarch64:
golang-1.8.3-1.el7.aarch64.rpm
golang-bin-1.8.3-1.el7.aarch64.rpm

noarch:
golang-docs-1.8.3-1.el7.noarch.rpm
golang-misc-1.8.3-1.el7.noarch.rpm
golang-src-1.8.3-1.el7.noarch.rpm
golang-tests-1.8.3-1.el7.noarch.rpm

ppc64le:
golang-1.8.3-1.el7.ppc64le.rpm
golang-bin-1.8.3-1.el7.ppc64le.rpm

s390x:
golang-1.8.3-1.el7.s390x.rpm
golang-bin-1.8.3-1.el7.s390x.rpm

x86_64:
golang-1.8.3-1.el7.x86_64.rpm
golang-bin-1.8.3-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8932
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgOPKXlSAg2UNWIIRAnlwAJ9afElOntVCIJg8S20KoSfIgFECDwCeN0CB
HmBBIMGjsXkXl9BJNELyBoA=
=0xTx
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
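Every advisory on this page ends with a Package List naming the exact build (name-version-release.arch) that carries the fix, and the only reliable way to say "this host is patched" is to compare the installed build against it with rpm's own ordering rules, not with a string or float comparison (1.8.10 is newer than 1.8.3, 58.el7 is newer than 9.el7, and 1.0~rc1 is older than 1.0). The following is an added example that is not Red Hat tooling: it re-implements the rpmvercmp segment comparison so the check can run on any host, including one without python-rpm, and applies it to file names taken from the Package List sections above. The "installed" strings are constructed in the form `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' <name>` prints; an epoch, when one is set, is assumed to be written as name-E:V-R.arch.

```python
"""Decide whether an installed RPM is at or past the build an advisory ships.

Added example, not Red Hat tooling. rpmvercmp() re-implements rpm's segment
comparison: digit runs compare numerically, letter runs lexically, a digit run
beats a letter run, '~' sorts before anything (even end of string) and '^'
sorts after end of string but before any other segment. Package file names are
taken from the advisories on this page; "installed" strings are constructed as
rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\\n' prints them.
"""
import re
from typing import Tuple

EVR = Tuple[int, str, str]  # (epoch, version, release)


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 following rpm's rpmvercmp() rules."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators: anything that is not alphanumeric, '~' or '^'
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:  # '~' is older than anything, including the end of the string
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        ca, cb = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if ca or cb:  # '^' is newer than the end of the string, older than a segment
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not ca:
                return 1
            if not cb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        if a[i].isdigit():  # numeric segment: take digits from both sides
            sa, sb = re.match(r"\d+", a[i:]).group(), re.match(r"\d*", b[j:]).group()
            isnum = True
        else:  # alphabetic segment: take letters from both sides
            sa, sb = re.match(r"[^\W\d_]+", a[i:]).group(), re.match(r"[^\W\d_]*", b[j:]).group()
            isnum = False
        i, j = i + len(sa), j + len(sb)
        if not sb:  # segment types differ: the numeric one is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(x: EVR, y: EVR) -> int:
    """Epoch decides first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    c = rpmvercmp(x[1], y[1])
    return c if c else rpmvercmp(x[2], y[2])


def parse_nevra(pkg: str) -> Tuple[str, EVR, str]:
    """'python-libs-2.7.5-58.el7.x86_64[.rpm]' -> ('python-libs', (0, '2.7.5', '58.el7'), 'x86_64')."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = 0
    if ":" in version:  # assumption: epoch written as E:V when present
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, (epoch, version, release), arch


def is_patched(installed: str, advisory_pkg: str) -> bool:
    """True if the installed build is the advisory's build or a later one."""
    n1, evr1, a1 = parse_nevra(installed)
    n2, evr2, a2 = parse_nevra(advisory_pkg)
    if (n1, a1) != (n2, a2):
        raise ValueError(f"{installed} is not the same package/arch as {advisory_pkg}")
    return evr_cmp(evr1, evr2) >= 0
```

Feed it the output of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' python-libs` on the host and the matching file name from the advisory; a name or architecture mismatch raises rather than returning a misleading verdict, and a later Red Hat build (a higher release, or a higher epoch) counts as patched, which is what you want when the fixed build has since been superseded.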
[RHSA-2017:2258-01] Moderate: gtk-vnc security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gtk-vnc security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2258-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2258
Issue date:        2017-08-01
CVE Names:         CVE-2017-5884 CVE-2017-5885
=====================================================================

1. Summary:

An update for gtk-vnc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc widget is built by using co-routines, which allows the widget to be completely asynchronous while remaining single-threaded.

The following packages have been upgraded to a later upstream version: gtk-vnc (0.7.0). (BZ#1416783)

Security Fix(es):

* It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5884)

* An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5885)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

921008 - Guest will keep typing '~' after press F9 and F10 in same time.
921330 - Remote-viewer shows no error if connect to a spice port through vnc protocol
1126825 - Unnecessary warning messages show when shutdown vnc guest during virt-viewer $guest --wait
1416783 - Rebase to 0.7.0 release to fix numerous bugs
1418944 - CVE-2017-5884 gtk-vnc: Improper check of framebuffer boundaries when processing a tile
1418952 - CVE-2017-5885 gtk-vnc: Integer overflow when processing SetColorMapEntries
1441120 - segment fault when connecting a host with no VNC server listening

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
gtk-vnc-0.7.0-2.el7.src.rpm

x86_64:
gtk-vnc-debuginfo-0.7.0-2.el7.i686.rpm
gtk-vnc-debuginfo-0.7.0-2.el7.x86_64.rpm
gtk-vnc2-0.7.0-2.el7.i686.rpm
gtk-vnc2-0.7.0-2.el7.x86_64.rpm
gvnc-0.7.0-2.el7.i686.rpm
gvnc-0.7.0-2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gtk-vnc-0.7.0-2.el7.i686.rpm
gtk-vnc-0.7.0-2.el7.x86_64.rpm
gtk-vnc-debuginfo-0.7.0-2.el7.i686.rpm
gtk-vnc-debuginfo-0.7.0-2.el7.x86_64.rpm
gtk-vnc-devel-0.7.0-2.el7.i686.rpm
gtk-vnc-devel-0.7.0-2.el7.x86_64.rpm
gtk-vnc-python-0.7.0-2.el7.x86_64.rpm
gtk-vnc2-devel-0.7.0-2.el7.i686.rpm
gtk-vnc2-devel-0.7.0-2.el7.x86_64.rpm
gvnc-devel-0.7.0-2.el7.i686.rpm
gvnc-devel-0.7.0-2.el7.x86_64.rpm
gvnc-tools-0.7.0-2.el7.x86_64.rpm
gvncpulse-0.7.0-2.el7.i686.rpm
gvncpulse-0.7.0-2.el7.x86_64.rpm
gvncpulse-devel-0.7.0-2.el7.i686.rpm
gvncpulse-devel-0.7.0-2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gtk-vnc-0.7.0-2.el7.src.rpm

aarch64:
gtk-vnc-debuginfo-0.7.0-2.el7.aarch64.rpm
gtk-vnc2-0.7.0-2.el7.aarch64.rpm
gvnc-0.7.0-2.el7.aarch64.rpm

ppc64:
gtk-vnc-debuginfo-0.7.0-2.el7.ppc.rpm
gtk-vnc-debuginfo-0.7.0-2.el7.ppc64.rpm
gtk-vnc2-0.7.0-2.el7.ppc.rpm
gtk-vnc2-0.7.0-2.el7.ppc64.rpm
gvnc-0.7.0-2.el7.ppc.rpm
gvnc-0.7.0-2.el7.ppc64.rpm

ppc64le:
gtk-vnc-debuginfo-0.7.0-2.el7.ppc64le.rpm
gtk-vnc2-0.7.0-2.el7.ppc64le.rpm
gvnc-0.7.0-2.el7.ppc64le.rpm

s390x:
gtk-vnc-debuginfo-0.7.0-2.el7.s390.rpm
gtk-vnc-debuginfo-0.7.0-2.el7.s390x.rpm
gtk-vnc2-0.7.0-2.el7.s390.rpm
gtk-vnc2-0.7.0-2.el7.s390x.rpm
gvnc-0.7.0-2.el7.s390.rpm
gvnc-0.7.0-2.el7.s390x.rpm

x86_64:
gtk-vnc-debuginfo-0.7.0-2.el7.i686.rpm
gtk-vnc-debuginfo-0.7.0-2.el7.x86_64.rpm
gtk-vnc2-0.7.0-2.el7.i686.rpm
gtk-vnc2-0.7.0-2.el7.x86_64.rpm
gvnc-0.7.0-2.el7.i686.rpm
gvnc-0.7.0-2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
gtk-vnc-0.7.0-2.el7.aarch64.rpm
[RHSA-2017:2192-01] Moderate: mariadb security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb security and bug fix update
Advisory ID:       RHSA-2017:2192-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2192
Issue date:        2017-08-01
CVE Names:         CVE-2016-5483 CVE-2016-5617 CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3600
=====================================================================

1. Summary:

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.56). (BZ#1458933)

Security Fix(es):

* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring a database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)

* A flaw was found in the way the mysqld_safe script handled creation of the error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)

* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)

* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)

* Multiple flaws were found in the way the mysqld_safe script handled creation of the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)

* A flaw was found in the way the MySQL client library (libmysqlclient) handled prepared statements when the server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1027829 - Testsuite test main.gis-precise is failing on ppc %{power64} s390 s390x aarch64
1356897 - MariaDB removes all databases
1386564 - CVE-2016-6664 CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)
1414133 - CVE-2017-3312 mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)
1414338 - CVE-2017-3238 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)
1414340 - CVE-2017-3243 mysql: Server: Charsets unspecified vulnerability
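The mysqldump flaw above (CVE-2016-5483, CVE-2017-3600) works because the mysql client executes lines that begin with `\!` or `system` in a shell and reads another file for `\.` or `source`, and a newline smuggled into a database or table name lets the dump place such a line where the client will read it on restore. Until every dump in an archive has been regenerated with the fixed tools, the practical control is to refuse to pipe a dump into mysql without checking it first. The following is an added example, not MariaDB code or part of the advisory: it scans a dump for client-side commands and for backtick-quoted identifiers carrying control characters. It is a heuristic that does not track SQL quoting, so a line of string data that begins with one of those words is flagged too, which is the side to err on. The sample dump is constructed for the demonstration.

```python
"""Audit a mysqldump file for mysql-client commands before piping it into mysql.

Added example, not MariaDB code. The mysql client runs lines that begin with
'\\!' or 'system' in a shell and reads another file for '\\.' or 'source'. A
dump written by mysqldump never legitimately contains those, so any hit means
"inspect before restoring". Heuristic: SQL quoting is not tracked, so string
data that starts with one of these words is flagged too. SAMPLE_DUMP is
constructed for the demonstration.
"""
import re
import sys
from pathlib import Path
from typing import List, Tuple

# Client-side commands with side effects outside the SQL parser (assumption:
# these are the ones worth blocking; extend the alternation if needed).
CLIENT_COMMANDS = re.compile(r"^\s*(\\!|\\\.|system\b|source\b)", re.IGNORECASE)
# Backtick-quoted identifiers; a control character (a newline) inside one is
# what lets a hostile table name start a fresh line in the dump.
IDENTIFIER = re.compile(r"`[^`]*`")
CONTROL = re.compile(r"[\x00-\x1f]")

Finding = Tuple[int, str, str]  # (line number, reason, offending text)


def audit_dump(text: str) -> List[Finding]:
    """Return every suspicious line, sorted by line number."""
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), 1):
        if CLIENT_COMMANDS.match(line):
            findings.append((no, "client command", line))
    for m in IDENTIFIER.finditer(text):  # finditer pairs backticks left to right
        if CONTROL.search(m.group()):
            no = text.count("\n", 0, m.start()) + 1
            findings.append((no, "control char in identifier", m.group()))
    return sorted(findings)


def safe_to_restore(text: str) -> bool:
    return not audit_dump(text)


# Constructed sample: one clean table and one whose name carries a newline
# followed by a client command, the shape the advisory describes.
SAMPLE_DUMP = """-- MySQL dump 10.14  Distrib 5.5.56-MariaDB
--
-- Table structure for table `orders`
--
DROP TABLE IF EXISTS `orders`;
CREATE TABLE `orders` (`id` int(11) NOT NULL) ENGINE=InnoDB;
--
-- Table structure for table `evil
\\! touch /tmp/pwned`
--
DROP TABLE IF EXISTS `evil
\\! touch /tmp/pwned`;
INSERT INTO `orders` VALUES (1),(2);
"""

if __name__ == "__main__":
    # usage: audit_dump.py backup.sql   (no argument: run against SAMPLE_DUMP)
    text = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_DUMP
    for no, reason, snippet in audit_dump(text):
        print(f"line {no}: {reason}: {snippet!r}")
    sys.exit(0 if safe_to_restore(text) else 1)
```

The exit status makes it usable as a gate in a restore script (`audit_dump.py backup.sql && mysql < backup.sql`); on the sample it reports the two identifier lines and the two command lines and exits non-zero.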
[RHSA-2017:1852-01] Moderate: openldap security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openldap security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1852-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1852
Issue date:        2017-08-01
CVE Names:         CVE-2017-9287
=====================================================================

1. Summary:

An update for openldap is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.

The following packages have been upgraded to a later upstream version: openldap (2.4.44). (BZ#1386365)

Security Fix(es):

* A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1405354 - [RHEL7] openldap does not re-register nss shutdown callbacks after nss_Shutdown is called
1432907 - Cipher suite mismatch with latest nss
1456712 - CVE-2017-9287 openldap: Double free vulnerability in servers/slapd/back-mdb/search.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openldap-2.4.44-5.el7.src.rpm

x86_64:
openldap-2.4.44-5.el7.i686.rpm
openldap-2.4.44-5.el7.x86_64.rpm
openldap-clients-2.4.44-5.el7.x86_64.rpm
openldap-debuginfo-2.4.44-5.el7.i686.rpm
openldap-debuginfo-2.4.44-5.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-5.el7.i686.rpm
openldap-debuginfo-2.4.44-5.el7.x86_64.rpm
openldap-devel-2.4.44-5.el7.i686.rpm
openldap-devel-2.4.44-5.el7.x86_64.rpm
openldap-servers-2.4.44-5.el7.x86_64.rpm
openldap-servers-sql-2.4.44-5.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openldap-2.4.44-5.el7.src.rpm

x86_64:
openldap-2.4.44-5.el7.i686.rpm
openldap-2.4.44-5.el7.x86_64.rpm
openldap-clients-2.4.44-5.el7.x86_64.rpm
openldap-debuginfo-2.4.44-5.el7.i686.rpm
openldap-debuginfo-2.4.44-5.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-5.el7.i686.rpm
openldap-debuginfo-2.4.44-5.el7.x86_64.rpm
openldap-devel-2.4.44-5.el7.i686.rpm
openldap-devel-2.4.44-5.el7.x86_64.rpm
openldap-servers-2.4.44-5.el7.x86_64.rpm
openldap-servers-sql-2.4.44-5.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openldap-2.4.44-5.el7.src.rpm

aarch64:
openldap-2.4.44-5.el7.aarch64.rpm
openldap-clients-2.4.44-5.el7.aarch64.rpm
openldap-debuginfo-2.4.44-5.el7.aarch64.rpm
openldap-devel-2.4.44-5.el7.aarch64.rpm
openldap-servers-2.4.44-5.el7.aarch64.rpm

ppc64:
openldap-2.4.44-5.el7.ppc.rpm
openldap-2.4.44-5.el7.ppc64.rpm
openldap-clients-2.4.44-5.el7.ppc64.rpm
openldap-debuginfo-2.4.44-5.el7.ppc.rpm
openldap-debuginfo-2.4.44-5.el7.ppc64.rpm
openldap-devel-2.4.44-5.el7.ppc.rpm
openldap-devel-2.4.44-5.el7.ppc64.rpm
openldap-servers-2.4.44-5.el7.ppc64.rpm

ppc64le:
openldap-2.4.44-5.el7.ppc64le.rpm
openldap-clients-2.4.44-5.el7.ppc64le.rpm
openldap-debuginfo-2.4.44-5.el7.ppc64le.rpm
openldap-devel-2.4.44-5.el7.ppc64le.rpm
openldap-servers-2.4.44-5.el7.ppc64le.rpm

s390x:
openldap-2.4.44-5.el7.s390.rpm
openldap-2.4.44-5.el7.s390x.rpm
openldap-clients-2.4.44-5.el7.s390x.rpm
openldap-debuginfo-2.4.44-5.el7.s390.rpm
openldap-debuginfo-2.4.44-5.el7.s390x.rpm
[RHSA-2017:2004-01] Moderate: git security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: git security and bug fix update
Advisory ID:       RHSA-2017:2004-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2004
Issue date:        2017-08-01
CVE Names:         CVE-2014-9938 CVE-2017-8386
=====================================================================

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938)

* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1369173 - Git is unable to use HTTP(S)-SSO because of fix for CVE-2011-2192 [el7]
1434415 - CVE-2014-9938 git: git-prompt.sh does not sanitize branch names in $PS1
1450407 - CVE-2017-8386 git: Escape out of git-shell

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
git-1.8.3.1-11.el7.src.rpm

noarch:
emacs-git-1.8.3.1-11.el7.noarch.rpm
emacs-git-el-1.8.3.1-11.el7.noarch.rpm
git-all-1.8.3.1-11.el7.noarch.rpm
git-bzr-1.8.3.1-11.el7.noarch.rpm
git-cvs-1.8.3.1-11.el7.noarch.rpm
git-email-1.8.3.1-11.el7.noarch.rpm
git-gui-1.8.3.1-11.el7.noarch.rpm
git-hg-1.8.3.1-11.el7.noarch.rpm
git-p4-1.8.3.1-11.el7.noarch.rpm
gitk-1.8.3.1-11.el7.noarch.rpm
gitweb-1.8.3.1-11.el7.noarch.rpm
perl-Git-1.8.3.1-11.el7.noarch.rpm
perl-Git-SVN-1.8.3.1-11.el7.noarch.rpm

x86_64:
git-1.8.3.1-11.el7.x86_64.rpm
git-daemon-1.8.3.1-11.el7.x86_64.rpm
git-debuginfo-1.8.3.1-11.el7.x86_64.rpm
git-svn-1.8.3.1-11.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
git-1.8.3.1-11.el7.src.rpm

noarch:
emacs-git-1.8.3.1-11.el7.noarch.rpm
emacs-git-el-1.8.3.1-11.el7.noarch.rpm
git-all-1.8.3.1-11.el7.noarch.rpm
git-bzr-1.8.3.1-11.el7.noarch.rpm
git-cvs-1.8.3.1-11.el7.noarch.rpm
git-email-1.8.3.1-11.el7.noarch.rpm
git-gui-1.8.3.1-11.el7.noarch.rpm
git-hg-1.8.3.1-11.el7.noarch.rpm
git-p4-1.8.3.1-11.el7.noarch.rpm
gitk-1.8.3.1-11.el7.noarch.rpm
gitweb-1.8.3.1-11.el7.noarch.rpm
perl-Git-1.8.3.1-11.el7.noarch.rpm
perl-Git-SVN-1.8.3.1-11.el7.noarch.rpm

x86_64:
git-1.8.3.1-11.el7.x86_64.rpm
git-daemon-1.8.3.1-11.el7.x86_64.rpm
git-debuginfo-1.8.3.1-11.el7.x86_64.rpm
git-svn-1.8.3.1-11.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
git-1.8.3.1-11.el7.src.rpm

aarch64:
git-1.8.3.1-11.el7.aarch64.rpm
git-debuginfo-1.8.3.1-11.el7.aarch64.rpm

noarch:
perl-Git-1.8.3.1-11.el7.noarch.rpm

ppc64:
git-1.8.3.1-11.el7.ppc64.rpm
git-debuginfo-1.8.3.1-11.el7.ppc64.rpm

ppc64le:
git-1.8.3.1-11.el7.ppc64le.rpm
git-debuginfo-1.8.3.1-11.el7.ppc64le.rpm

s390x:
git-1.8.3.1-11.el7.s390x.rpm
[RHSA-2017:2418-01] Moderate: openvswitch security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2418-01
Product:           Fast Datapath
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2418
Issue date:        2017-08-03
CVE Names:         CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265
=====================================================================

1. Summary:

An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Channel to provide early releases to layered products - noarch, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

The following packages have been upgraded to a later upstream version: openvswitch (2.7.2). (BZ#1472854)

Security Fix(es):

* An unsigned integer wraparound leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this flaw to cause a remote DoS. (CVE-2017-9214)

* In Open vSwitch (OvS), while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. (CVE-2017-9263)

* A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9264)

* A buffer over-read flaw was found in Open vSwitch (OvS) while parsing the group mod OpenFlow messages sent from the controller. An attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9265)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1456795 - CVE-2017-9214 openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
1457327 - CVE-2017-9263 openvswitch: Invalid processing of a malicious OpenFlow role status message
1457329 - CVE-2017-9264 openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets
1457335 - CVE-2017-9265 openvswitch: Buffer over-read while parsing the group mod OpenFlow message
1472729 - /usr/lib/ocf/resource.d/ovn/ovndb-servers is missing in the openvswitch.spec file
1472854 - [fdProd] Update OVS to 2.7.2

6. Package List:

Channel to provide early releases to layered products:

Source:
openvswitch-2.7.2-1.git20170719.el7fdp.src.rpm

noarch:
openvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm
python-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm

x86_64:
openvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-9214
https://access.redhat.com/security/cve/CVE-2017-9263
https://access.redhat.com/security/cve/CVE-2017-9264
https://access.redhat.com/security/cve/CVE-2017-9265
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgxmYXlSAg2UNWIIRAuzuAJ9Dngapo5j66itwFnpsvl92GKMAywCfb2Ah
V7og7GgSn4a1oFzQjIZHeXk=
=qOi+
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:2478-01] Important: httpd security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2017:2478-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2478
Issue date:        2017-08-15
CVE Names:         CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788
=====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)

* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)

* A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)

* A buffer over-read flaw was found in httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause an httpd child process to crash. (CVE-2017-7679)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
httpd-2.2.15-60.el6_9.5.src.rpm

i386:
httpd-2.2.15-60.el6_9.5.i686.rpm
httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm
httpd-tools-2.2.15-60.el6_9.5.i686.rpm

x86_64:
httpd-2.2.15-60.el6_9.5.x86_64.rpm
httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm
httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm
httpd-devel-2.2.15-60.el6_9.5.i686.rpm
mod_ssl-2.2.15-60.el6_9.5.i686.rpm

noarch:
httpd-manual-2.2.15-60.el6_9.5.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm
httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm
httpd-devel-2.2.15-60.el6_9.5.i686.rpm
httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm
mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
httpd-2.2.15-60.el6_9.5.src.rpm

x86_64:
httpd-2.2.15-60.el6_9.5.x86_64.rpm
httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm
httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
httpd-manual-2.2.15-60.el6_9.5.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm
httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm
httpd-devel-2.2.15-60.el6_9.5.i686.rpm
httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm
mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
httpd-2.2.15-60.el6_9.5.src.rpm

i386:
httpd-2.2.15-60.el6_9.5.i686.rpm
httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm
httpd-devel-2.2.15-60.el6_9.5.i686.rpm
httpd-tools-2.2.15-60.el6_9.5.i686.rpm
mod_ssl-2.2.15-60.el6_9.5.i686.rpm

noarch:
httpd-manual-2.2.15-60.el6_9.5.noarch.rpm

ppc64:
httpd-2.2.15-60.el6_9.5.ppc64.rpm
httpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm
[RHSA-2017:2477-01] Important: Red Hat JBoss Data Virtualization 6.3 Update 7 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Data Virtualization 6.3 Update 7 security update
Advisory ID:       RHSA-2017:2477-01
Product:           Red Hat JBoss Data Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2477
Issue date:        2017-08-15
CVE Names:         CVE-2015-3254 CVE-2017-5637 CVE-2017-7525
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Data Virtualization.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.

This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254)

* A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests. (CVE-2017-5637)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.

3. Solution:

Before applying the update, back up your existing Red Hat JBoss Data Virtualization installation (including its databases, applications, configuration files, and so on).

Note that it is recommended to halt the Red Hat JBoss Data Virtualization server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the Red Hat JBoss Data Virtualization server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1454808 - CVE-2017-5637 zookeeper: Incorrect input validation with wchp/wchc four letter words
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
1462783 - CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function

5. References:

https://access.redhat.com/security/cve/CVE-2015-3254
https://access.redhat.com/security/cve/CVE-2017-5637
https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform=securityPatches=6.3.0

6. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZkw+VXlSAg2UNWIIRAjRPAKCQB3sAGC0r8CRA7UAwANIGLYbYOACglbUm
yNok32QMlwbMdl5AsafILjg=
=9Aix
-----END PGP SIGNATURE-----
[RHSA-2017:2479-01] Important: httpd security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2017:2479-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2479
Issue date:        2017-08-15
CVE Names:         CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788
=====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)

* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)

* A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)

* A buffer over-read flaw was found in httpd's ap_find_token() function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)

* A buffer over-read flaw was found in httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause an httpd child process to crash. (CVE-2017-7679)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread
1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
httpd-2.4.6-67.el7_4.2.src.rpm

noarch:
httpd-manual-2.4.6-67.el7_4.2.noarch.rpm

x86_64:
httpd-2.4.6-67.el7_4.2.x86_64.rpm
httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm
httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm
httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm
mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm
mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm
mod_session-2.4.6-67.el7_4.2.x86_64.rpm
mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
httpd-2.4.6-67.el7_4.2.src.rpm

noarch:
httpd-manual-2.4.6-67.el7_4.2.noarch.rpm

x86_64:
httpd-2.4.6-67.el7_4.2.x86_64.rpm
httpd-debuginfo-2.4.6-67.el7_4.2.x86_64.rpm
httpd-devel-2.4.6-67.el7_4.2.x86_64.rpm
httpd-tools-2.4.6-67.el7_4.2.x86_64.rpm
mod_ldap-2.4.6-67.el7_4.2.x86_64.rpm
mod_proxy_html-2.4.6-67.el7_4.2.x86_64.rpm
mod_session-2.4.6-67.el7_4.2.x86_64.rpm
mod_ssl-2.4.6-67.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
httpd-2.4.6-67.el7_4.2.src.rpm

aarch64:
httpd-2.4.6-67.el7_4.2.aarch64.rpm
httpd-debuginfo-2.4.6-67.el7_4.2.aarch64.rpm
httpd-devel-2.4.6-67.el7_4.2.aarch64.rpm
httpd-tools-2.4.6-67.el7_4.2.aarch64.rpm
mod_session-2.4.6-67.el7_4.2.aarch64.rpm
mod_ssl-2.4.6-67.el7_4.2.aarch64.rpm

noarch:
httpd-manual-2.4.6-67.el7_4.2.noarch.rpm

ppc64:
httpd-2.4.6-67.el7_4.2.ppc64.rpm
httpd-debuginfo-2.4.6-67.el7_4.2.ppc64.rpm
[RHSA-2017:2480-01] Important: subversion security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: subversion security update
Advisory ID:       RHSA-2017:2480-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2480
Issue date:        2017-08-15
CVE Names:         CVE-2017-9800
=====================================================================

1. Summary:

An update for subversion is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Security Fix(es):

* A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit. (CVE-2017-9800)

Red Hat would like to thank the Subversion Team for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.

5. Bugs fixed (https://bugzilla.redhat.com/):

1479686 - CVE-2017-9800 subversion: Command injection through clients via malicious svn+ssh URLs

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
subversion-1.7.14-11.el7_4.src.rpm

x86_64:
mod_dav_svn-1.7.14-11.el7_4.x86_64.rpm
subversion-1.7.14-11.el7_4.i686.rpm
subversion-1.7.14-11.el7_4.x86_64.rpm
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-devel-1.7.14-11.el7_4.i686.rpm
subversion-devel-1.7.14-11.el7_4.x86_64.rpm
subversion-gnome-1.7.14-11.el7_4.i686.rpm
subversion-gnome-1.7.14-11.el7_4.x86_64.rpm
subversion-javahl-1.7.14-11.el7_4.i686.rpm
subversion-javahl-1.7.14-11.el7_4.x86_64.rpm
subversion-kde-1.7.14-11.el7_4.i686.rpm
subversion-kde-1.7.14-11.el7_4.x86_64.rpm
subversion-libs-1.7.14-11.el7_4.i686.rpm
subversion-libs-1.7.14-11.el7_4.x86_64.rpm
subversion-perl-1.7.14-11.el7_4.i686.rpm
subversion-perl-1.7.14-11.el7_4.x86_64.rpm
subversion-python-1.7.14-11.el7_4.x86_64.rpm
subversion-ruby-1.7.14-11.el7_4.i686.rpm
subversion-ruby-1.7.14-11.el7_4.x86_64.rpm
subversion-tools-1.7.14-11.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
subversion-1.7.14-11.el7_4.src.rpm

x86_64:
mod_dav_svn-1.7.14-11.el7_4.x86_64.rpm
subversion-1.7.14-11.el7_4.i686.rpm
subversion-1.7.14-11.el7_4.x86_64.rpm
subversion-debuginfo-1.7.14-11.el7_4.i686.rpm
subversion-debuginfo-1.7.14-11.el7_4.x86_64.rpm
subversion-devel-1.7.14-11.el7_4.i686.rpm
subversion-devel-1.7.14-11.el7_4.x86_64.rpm
subversion-gnome-1.7.14-11.el7_4.i686.rpm
subversion-gnome-1.7.14-11.el7_4.x86_64.rpm
subversion-javahl-1.7.14-11.el7_4.i686.rpm
subversion-javahl-1.7.14-11.el7_4.x86_64.rpm
subversion-kde-1.7.14-11.el7_4.i686.rpm
subversion-kde-1.7.14-11.el7_4.x86_64.rpm
subversion-libs-1.7.14-11.el7_4.i686.rpm
subversion-libs-1.7.14-11.el7_4.x86_64.rpm
subversion-perl-1.7.14-11.el7_4.i686.rpm
subversion-perl-1.7.14-11.el7_4.x86_64.rpm
subversion-python-1.7.14-11.el7_4.x86_64.rpm
subversion-ruby-1.7.14-11.el7_4.i686.rpm
subversion-ruby-1.7.14-11.el7_4.x86_64.rpm
subversion-tools-1.7.14-11.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
subversion-1.7.14-11.el7_4.src.rpm

aarch64:
mod_dav_svn-1.7.14-11.el7_4.aarch64.rpm
subversion-1.7.14-11.el7_4.aarch64.rpm
subversion-debuginfo-1.7.14-11.el7_4.aarch64.rpm
subversion-gnome-1.7.14-11.el7_4.aarch64.rpm
subversion-libs-1.7.14-11.el7_4.aarch64.rpm

ppc64:
mod_dav_svn-1.7.14-11.el7_4.ppc64.rpm
subversion-1.7.14-11.el7_4.ppc.rpm
subversion-1.7.14-11.el7_4.ppc64.rpm
[RHSA-2017:2481-01] Critical: java-1.7.1-ibm security update
Red Hat Security Advisory

Synopsis: Critical: java-1.7.1-ibm security update
Advisory ID: RHSA-2017:2481-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2481
Issue date: 2017-08-15
CVE Names: CVE-2017-10053 CVE-2017-10067 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10243

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP10.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1471266 - CVE-2017-10107 OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
1471270 - CVE-2017-10089 OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
1471517 - CVE-2017-10090 OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)
1471521 - CVE-2017-10087 OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
1471523 - CVE-2017-10110 OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
1471527 - CVE-2017-10101 OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
1471528 - CVE-2017-10096 OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
1471535 - CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
1471670 - CVE-2017-10109 OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
1471738 - CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
1471851 - CVE-2017-10115 OpenJDK: DSA implementation timing attack (JCE, 8175106)
1471888 - CVE-2017-10108 OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
1471889 - CVE-2017-10053 OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
1472345 - CVE-2017-10102 OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
1472666 - CVE-2017-10243 OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
1472667 - CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed in 6u161, 7u151, and 8u141 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.4.10-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-demo-1.7.1.4.10-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-devel-1.7.1.4.10-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.10-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.4.10-1jpp.2.el6_9.i686.rpm
java-1.7.1-ibm-src-1.7.1.4.10-1jpp.2.el6_9.i686.rpm

x86_64:
[RHSA-2017:2471-01] Important: spice security update
Red Hat Security Advisory

Synopsis: Important: spice security update
Advisory ID: RHSA-2017:2471-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2471
Issue date: 2017-08-15
CVE Names: CVE-2017-7506

1. Summary:

An update for spice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash. (CVE-2017-7506)

This issue was discovered by Frediano Ziglio (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All applications using SPICE (most notably all QEMU-KVM instances using the SPICE console) must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1452606 - CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
spice-0.12.8-2.el7.1.src.rpm

x86_64:
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
spice-server-0.12.8-2.el7.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
spice-0.12.8-2.el7.1.src.rpm

x86_64:
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
spice-server-0.12.8-2.el7.1.x86_64.rpm
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
spice-0.12.8-2.el7.1.src.rpm

x86_64:
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
spice-server-0.12.8-2.el7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
spice-0.12.8-2.el7.1.src.rpm

x86_64:
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
spice-server-0.12.8-2.el7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7506
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:2472-01] Important: kernel security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:2472-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2472
Issue date: 2017-08-15
CVE Names: CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* When upgrading to kernel with the fix for stack guard flaw, a crash could occur in Java Virtual Machine (JVM) environments, which attempted to implement their own stack guard page. With this update, the underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the crash in JVM no longer occurs under the described circumstances. (BZ#1472671)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.9 server):

Source:
kernel-2.6.18-348.34.1.el5.src.rpm

i386:
kernel-2.6.18-348.34.1.el5.i686.rpm
kernel-PAE-2.6.18-348.34.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.34.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.34.1.el5.i686.rpm
kernel-debug-2.6.18-348.34.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.34.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.34.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.34.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.34.1.el5.i686.rpm
kernel-devel-2.6.18-348.34.1.el5.i686.rpm
kernel-headers-2.6.18-348.34.1.el5.i386.rpm
kernel-xen-2.6.18-348.34.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.34.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.34.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.34.1.el5.ia64.rpm
kernel-debug-2.6.18-348.34.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.34.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.34.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.34.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.34.1.el5.ia64.rpm
kernel-devel-2.6.18-348.34.1.el5.ia64.rpm
kernel-headers-2.6.18-348.34.1.el5.ia64.rpm
kernel-xen-2.6.18-348.34.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.34.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.34.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.34.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.34.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.34.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.34.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.34.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.34.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.34.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.34.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.34.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.34.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.34.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.34.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7895
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:2473-01] Important: kernel security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:2473-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2473
Issue date: 2017-08-15
CVE Names: CVE-2017-7533

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533, Important)

Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue.

Bug Fix(es):

* Previously, direct I/O read operations going past EOF returned an invalid error number, instead of reading 0 bytes and returning success, if these operations were in the same XFS block with EOF. Consequently, creating multiple VMs from a Red Hat Enterprise Linux 7.4 template caused all the VMs to become unresponsive in the 'Image Locked' state. This update fixes the direct I/O feature of the file system, and VMs created from a Red Hat Enterprise Linux 7.4 template now work as expected. (BZ#1475669)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1468283 - CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-693.1.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.1.1.el7.noarch.rpm
kernel-doc-3.10.0-693.1.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.1.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.1.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.1.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.1.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.1.1.el7.x86_64.rpm
perf-3.10.0-693.1.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
python-perf-3.10.0-693.1.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.1.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.1.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-693.1.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.1.1.el7.noarch.rpm
kernel-doc-3.10.0-693.1.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.1.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.1.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.1.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.1.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.1.1.el7.x86_64.rpm
[RHSA-2017:2459-01] Important: libsoup security update
Red Hat Security Advisory

Synopsis: Important: libsoup security update
Advisory ID: RHSA-2017:2459-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2459
Issue date: 2017-08-10
CVE Names: CVE-2017-2885

1. Summary:

An update for libsoup is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality. (CVE-2017-2885)

Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1479281 - CVE-2017-2885 libsoup: Stack based buffer overflow with HTTP Chunked Encoding

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

aarch64:
libsoup-2.56.0-4.el7_4.aarch64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.aarch64.rpm
libsoup-devel-2.56.0-4.el7_4.aarch64.rpm

ppc64:
libsoup-2.56.0-4.el7_4.ppc.rpm
libsoup-2.56.0-4.el7_4.ppc64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc64.rpm
libsoup-devel-2.56.0-4.el7_4.ppc.rpm
libsoup-devel-2.56.0-4.el7_4.ppc64.rpm

ppc64le:
libsoup-2.56.0-4.el7_4.ppc64le.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc64le.rpm
libsoup-devel-2.56.0-4.el7_4.ppc64le.rpm

s390x:
libsoup-2.56.0-4.el7_4.s390.rpm
libsoup-2.56.0-4.el7_4.s390x.rpm
libsoup-debuginfo-2.56.0-4.el7_4.s390.rpm
libsoup-debuginfo-2.56.0-4.el7_4.s390x.rpm
libsoup-devel-2.56.0-4.el7_4.s390.rpm
libsoup-devel-2.56.0-4.el7_4.s390x.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2885
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:1832-01] Important: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
Advisory ID: RHSA-2017:1832-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1832
Issue date: 2017-08-10
CVE Names: CVE-2015-6644 CVE-2016-8749 CVE-2016-9879 CVE-2017-2589 CVE-2017-2594 CVE-2017-3156 CVE-2017-5643 CVE-2017-5653 CVE-2017-5656 CVE-2017-5929 CVE-2017-7957

1. Summary:

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.

This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.

Security Fix(es):

* It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL), which means all clients using that proxy are sharing the same cookies. (CVE-2017-2589)

* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to a user's private information. (CVE-2015-6644)

* It was found that Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues. (CVE-2016-8749)

* It was found that Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded / to a request, an attacker may be able to bypass a security constraint. (CVE-2016-9879)

* It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root. (CVE-2017-2594)

* It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature comparison algorithm, which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk, JWT access tokens, or JOSE JWS/JWE interceptors which depend on HMAC secret key algorithms. (CVE-2017-3156)

* It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTD URLs or XML External Entities (XXE). (CVE-2017-5643)

* It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message. (CVE-2017-5653)

* It was found that the token cacher in Apache CXF uses a flawed way of caching tokens that are associated with the delegation token received from the Security Token Service (STS). This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token for another user. (CVE-2017-5656)

* It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains. (CVE-2017-5929)

* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully, which could cause an application crash. The crash occurs if the file that is being fed into the XStream input stream contains an instance of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)

The CVE-2017-2589 issue was discovered by Adam Willard (Blue Canopy) and Dennis
[RHSA-2017:2456-01] Critical: firefox security update
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2017:2456-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2456
Issue date: 2017-08-10
CVE Names: CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.3.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Frederik Braun, Looben Yang, Nils, SkyLined, Oliver Wagner, Fraser Tweedale, Mathias Karlsson, Jose María Acuña, and Rhys Enniks as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1479188 - CVE-2017-7753 Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
1479191 - CVE-2017-7779 Mozilla: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (MFSA 2017-19)
1479201 - CVE-2017-7784 Mozilla: Use-after-free with image observers (MFSA 2017-19)
1479203 - CVE-2017-7785 Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)
1479205 - CVE-2017-7786 Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
1479206 - CVE-2017-7787 Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
1479209 - CVE-2017-7791 Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
1479210 - CVE-2017-7792 Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
1479213 - CVE-2017-7798 Mozilla: XUL injection in the style editor in devtools (MFSA 2017-19)
1479218 - CVE-2017-7800 Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)
1479223 - CVE-2017-7801 Mozilla: Use-after-free with marquee during window resizing (MFSA 2017-19)
1479224 - CVE-2017-7802 Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
1479225 - CVE-2017-7803 Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)
1479227 - CVE-2017-7807 Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
1479650 - CVE-2017-7809 Mozilla: Use-after-free while deleting attached editor DOM node (MFSA 2017-19)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-52.3.0-3.el6_9.src.rpm

i386:
firefox-52.3.0-3.el6_9.i686.rpm
firefox-debuginfo-52.3.0-3.el6_9.i686.rpm

x86_64:
firefox-52.3.0-3.el6_9.x86_64.rpm
firefox-debuginfo-52.3.0-3.el6_9.x86_64.rpm

Red Hat Enterprise
[RHSA-2017:2469-01] Critical: java-1.8.0-ibm security update
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-ibm security update
Advisory ID: RHSA-2017:2469-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2469
Issue date: 2017-08-14
CVE Names: CVE-2017-10053 CVE-2017-10067 CVE-2017-10078 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10243

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR4-FP10.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1471266 - CVE-2017-10107 OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
1471270 - CVE-2017-10089 OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
1471517 - CVE-2017-10090 OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)
1471521 - CVE-2017-10087 OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
1471523 - CVE-2017-10110 OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
1471527 - CVE-2017-10101 OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
1471528 - CVE-2017-10096 OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
1471535 - CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
1471670 - CVE-2017-10109 OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
1471738 - CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
1471851 - CVE-2017-10115 OpenJDK: DSA implementation timing attack (JCE, 8175106)
1471888 - CVE-2017-10108 OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
1471889 - CVE-2017-10053 OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
1471898 - CVE-2017-10078 OpenJDK: Nashorn incompletely blocking access to Java APIs (Scripting, 8171539)
1472345 - CVE-2017-10102 OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
1472666 - CVE-2017-10243 OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
1472667 - CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed in 6u161, 7u151, and 8u141 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.8.0-ibm-1.8.0.4.10-1jpp.1.el6_9.i686.rpm java-1.8.0-ibm-demo-1.8.0.4.10-1jpp.1.el6_9.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.10-1jpp.1.el6_9.i686.rpm
[RHSA-2017:2486-01] Important: groovy security update
Red Hat Security Advisory

Synopsis: Important: groovy security update
Advisory ID: RHSA-2017:2486-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2486
Issue date: 2017-08-17
CVE Names: CVE-2016-6814

1. Summary:

An update for groovy is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode, so you can use it anywhere you can use Java.

Security Fix(es):

* It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in an application. An attacker can craft a special serialized object that executes code directly when deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects are subject to this vulnerability. (CVE-2016-6814)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1413466 - CVE-2016-6814 Apache Groovy: Remote code execution via deserialization

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):
Source: groovy-1.8.9-8.el7_4.src.rpm
noarch: groovy-1.8.9-8.el7_4.noarch.rpm groovy-javadoc-1.8.9-8.el7_4.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: groovy-1.8.9-8.el7_4.src.rpm
noarch: groovy-1.8.9-8.el7_4.noarch.rpm groovy-javadoc-1.8.9-8.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
Source: groovy-1.8.9-8.el7_4.src.rpm
noarch: groovy-1.8.9-8.el7_4.noarch.rpm groovy-javadoc-1.8.9-8.el7_4.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
Source: groovy-1.8.9-8.el7_4.src.rpm
noarch: groovy-1.8.9-8.el7_4.noarch.rpm groovy-javadoc-1.8.9-8.el7_4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-6814
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:2457-01] Critical: flash-plugin security update
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2017:2457-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2457
Issue date: 2017-08-10
CVE Names: CVE-2017-3085 CVE-2017-3106

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 26.0.0.151.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-3085, CVE-2017-3106)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1479887 - CVE-2017-3106 flash-plugin: Remote Code Execution due to Type Confusion issue fixed in APSB17-23
1479888 - CVE-2017-3085 flash-plugin: Information Disclosure via Security Bypass issue fixed in APSB17-23

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-26.0.0.151-1.el6_9.i686.rpm
x86_64: flash-plugin-26.0.0.151-1.el6_9.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-26.0.0.151-1.el6_9.i686.rpm
x86_64: flash-plugin-26.0.0.151-1.el6_9.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-26.0.0.151-1.el6_9.i686.rpm
x86_64: flash-plugin-26.0.0.151-1.el6_9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3085
https://access.redhat.com/security/cve/CVE-2017-3106
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:1731-01] Critical: flash-plugin security update
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2017:1731-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1731
Issue date: 2017-07-12
CVE Names: CVE-2017-3080 CVE-2017-3099 CVE-2017-3100

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 26.0.0.137.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-3080, CVE-2017-3099, CVE-2017-3100)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1469762 - CVE-2017-3099 flash-plugin: code execution issue fixed in APSB17-21
1469763 - CVE-2017-3080 CVE-2017-3100 flash-plugin: code execution issue fixed in APSB17-21

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: flash-plugin-26.0.0.137-1.el6_9.i686.rpm
x86_64: flash-plugin-26.0.0.137-1.el6_9.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: flash-plugin-26.0.0.137-1.el6_9.i686.rpm
x86_64: flash-plugin-26.0.0.137-1.el6_9.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: flash-plugin-26.0.0.137-1.el6_9.i686.rpm
x86_64: flash-plugin-26.0.0.137-1.el6_9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3080
https://access.redhat.com/security/cve/CVE-2017-3099
https://access.redhat.com/security/cve/CVE-2017-3100
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb17-21.html

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:1723-01] Important: kernel security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:1723-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1723
Issue date: 2017-07-11
CVE Names: CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* If several file operations were started after a mounted NFS share had gone idle and its Transmission Control Protocol (TCP) connection had therefore been terminated, these operations could cause the NFS client to send multiple TCP SYN packets instead of one. With this update, the reconnection logic has been fixed, and only one TCP SYN packet is now sent in the described situation. (BZ#1450850)

* When the ixgbe driver was loaded for a backplane-connected network card, a kernel panic could occur because the ops.setup_fc function pointer was used before it was initialized. With this update, ops.setup_fc is initialized earlier. As a result, ixgbe no longer panics on load. (BZ#1457347)

* When setting an Access Control List (ACL) with 190 or more Access Control Entries (ACEs) on an NFSv4 directory, a kernel crash could previously occur. This update fixes the nfs4_getfacl() function, and the kernel no longer crashes under the described circumstances. (BZ#1449096)

* When upgrading to a kernel with the fix for the stack guard flaw, a crash could occur in Java Virtual Machine (JVM) environments that attempted to implement their own stack guard page. With this update, the underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the crash in the JVM no longer occurs under the described circumstances. (BZ#147)

* When a program receives IPv6 packets using a raw socket, the ioctl(FIONREAD) and ioctl(SIOCINQ) functions could incorrectly return zero waiting bytes. This update fixes the ip6_input_finish() function to check the raw payload size properly. As a result, the ioctl() function now correctly returns the number of bytes waiting in the raw socket. (BZ#1450870)

* Previously, listing a directory on a non-standard XFS filesystem (with non-default multi-fsb directory blocks) could lead to a soft lockup due to an array index overrun in the xfs_dir2_leaf_readbuf() function. This update fixes xfs_dir2_leaf_readbuf(), and the soft lockup no longer occurs under the described circumstances. (BZ#1445179)

* Previously, aborts from the array after Storage Area Network (SAN) fabric back-pressure led to premature reuse of a still-valid sequence with the same OX_ID. Consequently, an error message and data corruption could occur. This update fixes the libfc driver to isolate the timed-out OX_IDs, thus fixing this bug. (BZ#140)

* Previously, a kernel panic occurred when the mcelog daemon executed a huge page memory offline. This update fixes the HugeTLB feature of the Linux kernel to check for a NULL Page Table Entry (PTE) pointer in the page_check_address() function. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1444351)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446103 - CVE-2017-7895
[RHSA-2017:1721-01] Moderate: httpd security and bug fix update
Red Hat Security Advisory

Synopsis: Moderate: httpd security and bug fix update
Advisory ID: RHSA-2017:1721-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1721
Issue date: 2017-07-11
CVE Names: CVE-2016-8743

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

Note: The fix for the CVE-2016-8743 issue causes httpd to return a "400 Bad Request" error to HTTP clients that do not strictly follow the HTTP protocol specification. A newly introduced configuration directive, "HttpProtocolOptions Unsafe", can be used to re-enable the old, less strict parsing. However, that setting also re-introduces the CVE-2016-8743 issue.

Note: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361, linked to in the References section, before installing this update.

Bug Fix(es):

* Previously, httpd was unable to correctly check the boundary of an array, and in rare cases it attempted to access an element of the array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault in proxy_util.c. With this update, the bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects
1463354 - segfault in ap_proxy_set_scoreboard_lb

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: httpd-2.2.15-60.el6_9.4.src.rpm
i386: httpd-2.2.15-60.el6_9.4.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.4.i686.rpm httpd-tools-2.2.15-60.el6_9.4.i686.rpm
x86_64: httpd-2.2.15-60.el6_9.4.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.4.x86_64.rpm httpd-tools-2.2.15-60.el6_9.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: httpd-debuginfo-2.2.15-60.el6_9.4.i686.rpm httpd-devel-2.2.15-60.el6_9.4.i686.rpm mod_ssl-2.2.15-60.el6_9.4.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.4.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.4.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.4.x86_64.rpm httpd-devel-2.2.15-60.el6_9.4.i686.rpm httpd-devel-2.2.15-60.el6_9.4.x86_64.rpm mod_ssl-2.2.15-60.el6_9.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: httpd-2.2.15-60.el6_9.4.src.rpm
x86_64: httpd-2.2.15-60.el6_9.4.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.4.x86_64.rpm httpd-tools-2.2.15-60.el6_9.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: httpd-manual-2.2.15-60.el6_9.4.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.4.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.4.x86_64.rpm httpd-devel-2.2.15-60.el6_9.4.i686.rpm httpd-devel-2.2.15-60.el6_9.4.x86_64.rpm mod_ssl-2.2.15-60.el6_9.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: httpd-2.2.15-60.el6_9.4.src.rpm
i386: httpd-2.2.15-60.el6_9.4.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.4.i686.rpm httpd-devel-2.2.15-60.el6_9.4.i686.rpm httpd-tools-2.2.15-60.el6_9.4.i686.rpm mod_ssl-2.2.15-60.el6_9.4.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.4.noarch.rpm
ppc64: httpd-2.2.15-60.el6_9.4.ppc64.rpm httpd-debuginfo-2.2.15-60.el6_9.4.ppc.rpm httpd-debuginfo-2.2.15-60.el6_9.4.ppc64.rpm
[RHSA-2017:1712-01] Important: Red Hat 3scale API Management Platform 2.0.0 security update
Red Hat Security Advisory

Synopsis: Important: Red Hat 3scale API Management Platform 2.0.0 security update
Advisory ID: RHSA-2017:1712-01
Product: Red Hat 3scale API Management Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1712
Issue date: 2017-07-06
CVE Names: CVE-2017-1000364 CVE-2017-1000366 CVE-2017-7502 CVE-2017-7512

1. Summary:

A security update for Red Hat 3scale API Management Platform 2.0.0 is now available from the Red Hat Container Catalog.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options.

Security Fix(es):

* It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. (CVE-2017-7512)

The underlying container image was also rebuilt to resolve other security issues. These were addressed via the following errata:

* https://access.redhat.com/errata/RHSA-2017:1365
* https://access.redhat.com/errata/RHSA-2017:1481
* https://access.redhat.com/errata/RHSA-2017:1484

Red Hat would like to thank Ryan Nauman (TruCode) for reporting the CVE-2017-7512 issue.

3. Solution:

To apply this security fix, use the updated docker images.

4. Bugs fixed (https://bugzilla.redhat.com/):

1457997 - CVE-2017-7512 3scale AMP: validation bypass in oauth

5. References:

https://access.redhat.com/security/cve/CVE-2017-1000364
https://access.redhat.com/security/cve/CVE-2017-1000366
https://access.redhat.com/security/cve/CVE-2017-7502
https://access.redhat.com/security/cve/CVE-2017-7512
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:1759-01] Important: freeradius security update
Red Hat Security Advisory

Synopsis: Important: freeradius security update
Advisory ID: RHSA-2017:1759-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1759
Issue date: 2017-07-18
CVE Names: CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983

1. Summary:

An update for freeradius is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* An out-of-bounds write flaw was found in the way the FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979)

* An out-of-bounds read and write flaw was found in the way the FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)

* Multiple memory leak flaws were found in the way the FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981)

* Multiple out-of-bounds read flaws were found in the way the FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983)

Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1468487 - CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret()
1468490 - CVE-2017-10979 freeradius: Out-of-bounds write in rad_coalesce()
1468493 - CVE-2017-10980 freeradius: Memory leak in decode_tlv()
1468495 - CVE-2017-10981 freeradius: Memory leak in fr_dhcp_decode()
1468498 - CVE-2017-10982 freeradius: Out-of-bounds read in fr_dhcp_decode_options()
1468503 - CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63

6. Package List:

Red Hat Enterprise Linux Server (v. 6):
Source: freeradius-2.2.6-7.el6_9.src.rpm
i386: freeradius-2.2.6-7.el6_9.i686.rpm freeradius-debuginfo-2.2.6-7.el6_9.i686.rpm
ppc64: freeradius-2.2.6-7.el6_9.ppc64.rpm freeradius-debuginfo-2.2.6-7.el6_9.ppc64.rpm
s390x: freeradius-2.2.6-7.el6_9.s390x.rpm freeradius-debuginfo-2.2.6-7.el6_9.s390x.rpm
x86_64: freeradius-2.2.6-7.el6_9.x86_64.rpm freeradius-debuginfo-2.2.6-7.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):
i386: freeradius-debuginfo-2.2.6-7.el6_9.i686.rpm freeradius-krb5-2.2.6-7.el6_9.i686.rpm freeradius-ldap-2.2.6-7.el6_9.i686.rpm freeradius-mysql-2.2.6-7.el6_9.i686.rpm freeradius-perl-2.2.6-7.el6_9.i686.rpm freeradius-postgresql-2.2.6-7.el6_9.i686.rpm freeradius-python-2.2.6-7.el6_9.i686.rpm freeradius-unixODBC-2.2.6-7.el6_9.i686.rpm freeradius-utils-2.2.6-7.el6_9.i686.rpm
ppc64: freeradius-debuginfo-2.2.6-7.el6_9.ppc64.rpm freeradius-krb5-2.2.6-7.el6_9.ppc64.rpm freeradius-ldap-2.2.6-7.el6_9.ppc64.rpm freeradius-mysql-2.2.6-7.el6_9.ppc64.rpm freeradius-perl-2.2.6-7.el6_9.ppc64.rpm freeradius-postgresql-2.2.6-7.el6_9.ppc64.rpm freeradius-python-2.2.6-7.el6_9.ppc64.rpm freeradius-unixODBC-2.2.6-7.el6_9.ppc64.rpm freeradius-utils-2.2.6-7.el6_9.ppc64.rpm
s390x: freeradius-debuginfo-2.2.6-7.el6_9.s390x.rpm freeradius-krb5-2.2.6-7.el6_9.s390x.rpm freeradius-ldap-2.2.6-7.el6_9.s390x.rpm
[RHSA-2017:1766-01] Important: kernel security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:1766-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1766
Issue date: 2017-07-18
CVE Names: CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.2) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* Previously, a race condition existed in the Linux kernel between module error handling and kprobe registration code. The protection applied during module error handling could be overridden by kprobe registration code before the module was deallocated. Consequently, the mapped page could be freed and become non-writable. When this page was later accessed, a page fault occurred, which led to a kernel panic. This update fixes the race condition, and the kernel no longer panics due to this bug. (BZ#1454683)

* Due to a race with another NFS mount, the nfs41_walk_client_list() function previously established a lease on the nfs_client pointer before the check for trunking was finished. This update ensures the processes follow the correct order, and the race no longer occurs in this scenario. (BZ#1447383)

* If a duplicate IPv6 address or an issue setting an address was present in the net/ipv6/addrconf.c file, a race condition occurred that could cause an IFP refcount leak. Attempts to unregister a netdevice then produced "Unregister Netdevice Failed" error messages. The provided patch fixes this bug, and race conditions no longer occur in this situation. (BZ#1449103)

* Previously, subtracting from vCPU threads could cause a steal_time overflow on QEMU live migration. This update moves the steal_time accumulation to vCPU entry time before the steal_time data is copied to the QEMU guest, fixing this bug. (BZ#1274919)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.2):

Source:
kernel-3.10.0-327.58.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.58.1.el7.noarch.rpm
kernel-doc-3.10.0-327.58.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.58.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.58.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.58.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.58.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.58.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.58.1.el7.x86_64.rpm
perf-3.10.0-327.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
python-perf-3.10.0-327.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm
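The end-of-buffer check described for CVE-2017-7895 above, as an added example that is not the kernel's nfsd code: a reduced model of an NFSv3 WRITE argument decoder, the unchecked shape beside the hardened one. The XDR layout (a 4-byte big-endian count followed by the data bytes), the function names and the sample requests are constructed for illustration.

```c
/* Added example, not kernel code: a reduced model of decoding an NFSv3
 * WRITE argument from an XDR buffer.  Layout assumed here (constructed for
 * illustration): a 4-byte big-endian count, followed by count data bytes.
 * The unchecked decoder trusts the client's count, so the data span it
 * hands back can extend past the end of the received request; the checked
 * decoder rejects such a request before anything is advanced. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct write_args {
    size_t   data_off; /* offset of the first data byte inside the request */
    uint32_t count;    /* client-supplied number of data bytes */
};

/* Decode a 32-bit big-endian XDR unsigned int at *off; false if the four
 * bytes themselves are not all inside the received buffer. */
static bool xdr_u32(const uint8_t *msg, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return false;
    *out = ((uint32_t)msg[*off] << 24) | ((uint32_t)msg[*off + 1] << 16) |
           ((uint32_t)msg[*off + 2] << 8) | (uint32_t)msg[*off + 3];
    *off += 4;
    return true;
}

/* Vulnerable shape: the declared count is taken at face value. */
static bool decode_write_unchecked(const uint8_t *msg, size_t len, struct write_args *w)
{
    size_t off = 0;
    if (!xdr_u32(msg, len, &off, &w->count))
        return false;
    w->data_off = off;  /* data "starts" here and is assumed to run for count bytes */
    return true;
}

/* Hardened shape: the declared count must fit in the bytes actually received. */
static bool decode_write_checked(const uint8_t *msg, size_t len, struct write_args *w)
{
    size_t off = 0;
    if (!xdr_u32(msg, len, &off, &w->count))
        return false;
    if (w->count > len - off)   /* the end-of-buffer check that was missing */
        return false;
    w->data_off = off;
    return true;
}

/* Returns how many bytes the decoded data span overshoots the received
 * request (0 = in bounds), or -1 if the decoder rejected the request. */
long write_overshoot(bool checked, const uint8_t *msg, size_t len)
{
    struct write_args w;
    bool ok = checked ? decode_write_checked(msg, len, &w)
                      : decode_write_unchecked(msg, len, &w);
    if (!ok)
        return -1;
    size_t span_end = w.data_off + (size_t)w.count;
    return span_end > len ? (long)(span_end - len) : 0;
}

/* Constructed sample requests. */
const uint8_t SAMPLE_GOOD[]  = { 0, 0, 0, 4, 'A', 'B', 'C', 'D' };    /* count 4, 4 data bytes */
const uint8_t SAMPLE_BAD[]   = { 0, 0, 0x10, 0, 'A', 'B', 'C', 'D' }; /* count 4096, 4 data bytes */
const uint8_t SAMPLE_SHORT[] = { 0, 0, 0 };                           /* truncated count field */

int main(void)
{
    printf("good:  unchecked %ld  checked %ld\n",
           write_overshoot(false, SAMPLE_GOOD, sizeof SAMPLE_GOOD),
           write_overshoot(true, SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("bad:   unchecked %ld  checked %ld\n",
           write_overshoot(false, SAMPLE_BAD, sizeof SAMPLE_BAD),
           write_overshoot(true, SAMPLE_BAD, sizeof SAMPLE_BAD));
    printf("short: unchecked %ld  checked %ld\n",
           write_overshoot(false, SAMPLE_SHORT, sizeof SAMPLE_SHORT),
           write_overshoot(true, SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```

The unchecked decoder accepts the oversized request and yields a data span 4092 bytes past the end of what was received; the checked one rejects it, and both reject a request too short to even hold the count.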
[RHSA-2017:1790-01] Critical: java-1.8.0-oracle security update
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-oracle security update
Advisory ID: RHSA-2017:1790-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1790
Issue date: 2017-07-20
CVE Names: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243

1. Summary:

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 141.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1471266 - CVE-2017-10107 OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
1471270 - CVE-2017-10089 OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
1471517 - CVE-2017-10090 OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)
1471521 - CVE-2017-10087 OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
1471523 - CVE-2017-10110 OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
1471526 - CVE-2017-10111 OpenJDK: incorrect range checks in LambdaFormEditor (Libraries, 8184185)
1471527 - CVE-2017-10101 OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
1471528 - CVE-2017-10096 OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
1471534 - CVE-2017-10074 OpenJDK: integer overflows in range check loop predicates (Hotspot, 8173770)
1471535 - CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
1471670 - CVE-2017-10109 OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
1471711 - CVE-2017-10081 OpenJDK: incorrect bracket processing in function signature handling (Hotspot, 8170966)
1471715 - CVE-2017-10193 OpenJDK: incorrect key size constraint check (Security, 8179101)
1471738 - CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
1471851 - CVE-2017-10115 OpenJDK: DSA implementation timing attack (JCE, 8175106)
1471871 - CVE-2017-10135 OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
1471888 - CVE-2017-10108
[RHSA-2017:1789-01] Critical: java-1.8.0-openjdk security update
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-openjdk security update
Advisory ID: RHSA-2017:1789-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1789
Issue date: 2017-07-20
CVE Names: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10135 CVE-2017-10193 CVE-2017-10198

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* It was discovered that the DGC implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the RMI registry or a Java RMI application. (CVE-2017-10102)

* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)

* It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)

* It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)

* It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. (CVE-2017-10198)

* A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)

* A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare a PKCS#8 key against an attacker-controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)

* It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108,
[RHSA-2017:1792-01] Critical: java-1.6.0-sun security update
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2017:1792-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1792
Issue date: 2017-07-20
CVE Names: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10135 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243

1. Summary:

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 161.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1471266 - CVE-2017-10107 OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
1471270 - CVE-2017-10089 OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
1471521 - CVE-2017-10087 OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
1471523 - CVE-2017-10110 OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
1471527 - CVE-2017-10101 OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
1471528 - CVE-2017-10096 OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
1471534 - CVE-2017-10074 OpenJDK: integer overflows in range check loop predicates (Hotspot, 8173770)
1471535 - CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
1471670 - CVE-2017-10109 OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
1471711 - CVE-2017-10081 OpenJDK: incorrect bracket processing in function signature handling (Hotspot, 8170966)
1471715 - CVE-2017-10193 OpenJDK: incorrect key size constraint check (Security, 8179101)
1471738 - CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
1471851 - CVE-2017-10115 OpenJDK: DSA implementation timing attack (JCE, 8175106)
1471871 - CVE-2017-10135 OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
1471888 - CVE-2017-10108 OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
1471889 - CVE-2017-10053 OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
1472320 - CVE-2017-10198 OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)
1472345 - CVE-2017-10102 OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
1472666 - CVE-2017-10243 Oracle JDK: unspecified vulnerability fixed in 6u161,
[RHSA-2017:1791-01] Critical: java-1.7.0-oracle security update
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2017:1791-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1791
Issue date: 2017-07-20
CVE Names: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243

1. Summary:

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 151.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1471266 - CVE-2017-10107 OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
1471270 - CVE-2017-10089 OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
1471517 - CVE-2017-10090 OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)
1471521 - CVE-2017-10087 OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
1471523 - CVE-2017-10110 OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
1471527 - CVE-2017-10101 OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
1471528 - CVE-2017-10096 OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
1471534 - CVE-2017-10074 OpenJDK: integer overflows in range check loop predicates (Hotspot, 8173770)
1471535 - CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
1471670 - CVE-2017-10109 OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
1471711 - CVE-2017-10081 OpenJDK: incorrect bracket processing in function signature handling (Hotspot, 8170966)
1471715 - CVE-2017-10193 OpenJDK: incorrect key size constraint check (Security, 8179101)
1471738 - CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
1471851 - CVE-2017-10115 OpenJDK: DSA implementation timing attack (JCE, 8175106)
1471871 - CVE-2017-10135 OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
1471888 - CVE-2017-10108 OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
1471889 - CVE-2017-10053 OpenJDK: reading of unprocessed image data
[RHSA-2017:1793-01] Important: graphite2 security update
Red Hat Security Advisory

Synopsis: Important: graphite2 security update
Advisory ID: RHSA-2017:1793-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1793
Issue date: 2017-07-20
CVE Names: CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017- CVE-2017-7778

1. Summary:

An update for graphite2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation.

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-, CVE-2017-7778)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters of these issues.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1461260 - CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)
1472212 - CVE-2017-7771 graphite2: out of bounds read in "graphite2::Pass::readPass"
1472213 - CVE-2017-7772 graphite2: heap-buffer-overflow write "lz4::decompress" (CVE-2017-7772)
1472215 - CVE-2017-7773 graphite2: heap-buffer-overflow write "lz4::decompress" (src/Decompressor)
1472219 - CVE-2017-7774 graphite2: out of bounds read "graphite2::Silf::readGraphite"
1472221 - CVE-2017-7775 graphite2: assertion error "size() > n"
1472223 - CVE-2017-7776 graphite2: heap-buffer-overflow read "graphite2::Silf::getClassGlyph"
1472225 - CVE-2017- graphite2: use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph"

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
graphite2-1.3.10-1.el7_3.src.rpm

x86_64:
graphite2-1.3.10-1.el7_3.i686.rpm
graphite2-1.3.10-1.el7_3.x86_64.rpm
graphite2-debuginfo-1.3.10-1.el7_3.i686.rpm
graphite2-debuginfo-1.3.10-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
graphite2-debuginfo-1.3.10-1.el7_3.i686.rpm
graphite2-debuginfo-1.3.10-1.el7_3.x86_64.rpm
graphite2-devel-1.3.10-1.el7_3.i686.rpm
graphite2-devel-1.3.10-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
graphite2-1.3.10-1.el7_3.src.rpm

x86_64:
graphite2-1.3.10-1.el7_3.i686.rpm
graphite2-1.3.10-1.el7_3.x86_64.rpm
graphite2-debuginfo-1.3.10-1.el7_3.i686.rpm
graphite2-debuginfo-1.3.10-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
graphite2-debuginfo-1.3.10-1.el7_3.i686.rpm
graphite2-debuginfo-1.3.10-1.el7_3.x86_64.rpm
graphite2-devel-1.3.10-1.el7_3.i686.rpm
graphite2-devel-1.3.10-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
graphite2-1.3.10-1.el7_3.src.rpm

aarch64:
graphite2-1.3.10-1.el7_3.aarch64.rpm
graphite2-debuginfo-1.3.10-1.el7_3.aarch64.rpm

ppc64:
graphite2-1.3.10-1.el7_3.ppc.rpm
graphite2-1.3.10-1.el7_3.ppc64.rpm
graphite2-debuginfo-1.3.10-1.el7_3.ppc.rpm
graphite2-debuginfo-1.3.10-1.el7_3.ppc64.rpm

ppc64le:
[RHSA-2017:1801-01] Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update
Advisory ID: RHSA-2017:1801-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1801
Issue date: 2017-07-25
CVE Names: CVE-2017-5645 CVE-2017-5647 CVE-2017-5648 CVE-2017-5664

1. Summary:

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, x86_64
Red Hat JBoss Web Server 3.1 for RHEL 7 - noarch, x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* It was found that when using remote logging with the log4j socket server, the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

* A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)

* A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)

4. Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism

6. JIRA issues fixed (https://issues.jboss.org/):

JWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs
JWS-667 - Subject incorrectly removed from user session
JWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain
JWS-709 - RPM missing selinux-policy dependency
JWS-716 - Backport 60087 for Tomcat 8
JWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites
JWS-721 - CORS filter Vary header missing
JWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2
JWS-741 - Configurations in conf.d are not applied
JWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar's manifest file

7. Package List:

Red Hat JBoss Web Server 3.1 for RHEL 6:

Source:
log4j-eap6-1.2.16-12.redhat_3.1.ep6.el6.src.rpm
tomcat-native-1.2.8-10.redhat_10.ep7.el6.src.rpm
tomcat7-7.0.70-22.ep7.el6.src.rpm
tomcat8-8.0.36-24.ep7.el6.src.rpm

i386:
tomcat-native-1.2.8-10.redhat_10.ep7.el6.i686.rpm
tomcat-native-debuginfo-1.2.8-10.redhat_10.ep7.el6.i686.rpm

noarch:
log4j-eap6-1.2.16-12.redhat_3.1.ep6.el6.noarch.rpm
tomcat7-7.0.70-22.ep7.el6.noarch.rpm
tomcat7-admin-webapps-7.0.70-22.ep7.el6.noarch.rpm
tomcat7-docs-webapp-7.0.70-22.ep7.el6.noarch.rpm
[RHSA-2017:1802-01] Important: Red Hat JBoss Web Server Service Pack 1 security update
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server Service Pack 1 security update
Advisory ID: RHSA-2017:1802-01
Product: Red Hat JBoss Web Server
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-1802.html
Issue date: 2017-07-25
CVE Names: CVE-2017-5645 CVE-2017-5647 CVE-2017-5648 CVE-2017-5664

1. Summary:

An update is now available for Red Hat JBoss Web Server 3.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* It was found that when using remote logging with the log4j socket server, the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

* A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)

* A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)

3. Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism

5. References:

https://access.redhat.com/security/cve/CVE-2017-5645
https://access.redhat.com/security/cve/CVE-2017-5647
https://access.redhat.com/security/cve/CVE-2017-5648
https://access.redhat.com/security/cve/CVE-2017-5664
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver=securityPatches=3.1
https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html
https://access.redhat.com/security/vulnerabilities/httpoxy
https://access.redhat.com/solutions/2435491

6. Contact:

The Red Hat security contact is.
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZd4TuXlSAg2UNWIIRAsyQAJ4vpBzwSZdS5gI+PGd1qGbvrKGARwCgtWAa bfq2sLi0n/VBtpl/ytEfWkc= =ylBv -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1798-01] Important: kernel security update
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2017:1798-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1798
Issue date: 2017-07-24
CVE Names: CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
kernel-2.6.32-504.62.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.62.1.el6.noarch.rpm
kernel-doc-2.6.32-504.62.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.62.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.62.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.62.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.62.1.el6.x86_64.rpm
perf-2.6.32-504.62.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
kernel-2.6.32-504.62.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.62.1.el6.noarch.rpm
kernel-doc-2.6.32-504.62.1.el6.noarch.rpm
kernel-firmware-2.6.32-504.62.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debug-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.62.1.el6.x86_64.rpm
kernel-devel-2.6.32-504.62.1.el6.x86_64.rpm
kernel-headers-2.6.32-504.62.1.el6.x86_64.rpm
perf-2.6.32-504.62.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.62.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
python-perf-2.6.32-504.62.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.62.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm
python-perf-2.6.32-504.62.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.62.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7895
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is.

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:1787-01] Moderate: collectd security update
Red Hat Security Advisory

Synopsis: Moderate: collectd security update
Advisory ID: RHSA-2017:1787-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1787
Issue date: 2017-07-19
CVE Names: CVE-2017-7401

1. Summary:

An update for collectd is now available for Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7 - x86_64

3. Description:

collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint.

The following packages have been upgraded to a later upstream version: collectd (5.7.2). (BZ#1460080)

Security Fix(es):

* collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service. (CVE-2017-7401)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1439674 - CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions

6. Package List:

Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7:

Source:
collectd-5.7.2-1.1.el7ost.src.rpm

x86_64:
collectd-5.7.2-1.1.el7ost.x86_64.rpm
collectd-apache-5.7.2-1.1.el7ost.x86_64.rpm
collectd-ascent-5.7.2-1.1.el7ost.x86_64.rpm
collectd-bind-5.7.2-1.1.el7ost.x86_64.rpm
collectd-ceph-5.7.2-1.1.el7ost.x86_64.rpm
collectd-curl-5.7.2-1.1.el7ost.x86_64.rpm
collectd-curl_json-5.7.2-1.1.el7ost.x86_64.rpm
collectd-curl_xml-5.7.2-1.1.el7ost.x86_64.rpm
collectd-dbi-5.7.2-1.1.el7ost.x86_64.rpm
collectd-debuginfo-5.7.2-1.1.el7ost.x86_64.rpm
collectd-disk-5.7.2-1.1.el7ost.x86_64.rpm
collectd-dns-5.7.2-1.1.el7ost.x86_64.rpm
collectd-drbd-5.7.2-1.1.el7ost.x86_64.rpm
collectd-email-5.7.2-1.1.el7ost.x86_64.rpm
collectd-generic-jmx-5.7.2-1.1.el7ost.x86_64.rpm
collectd-ipmi-5.7.2-1.1.el7ost.x86_64.rpm
collectd-iptables-5.7.2-1.1.el7ost.x86_64.rpm
collectd-ipvs-5.7.2-1.1.el7ost.x86_64.rpm
collectd-java-5.7.2-1.1.el7ost.x86_64.rpm
collectd-log_logstash-5.7.2-1.1.el7ost.x86_64.rpm
collectd-lvm-5.7.2-1.1.el7ost.x86_64.rpm
collectd-mysql-5.7.2-1.1.el7ost.x86_64.rpm
collectd-netlink-5.7.2-1.1.el7ost.x86_64.rpm
collectd-nginx-5.7.2-1.1.el7ost.x86_64.rpm
collectd-notify_desktop-5.7.2-1.1.el7ost.x86_64.rpm
collectd-notify_email-5.7.2-1.1.el7ost.x86_64.rpm
collectd-openldap-5.7.2-1.1.el7ost.x86_64.rpm
collectd-ping-5.7.2-1.1.el7ost.x86_64.rpm
collectd-postgresql-5.7.2-1.1.el7ost.x86_64.rpm
collectd-rrdcached-5.7.2-1.1.el7ost.x86_64.rpm
collectd-rrdtool-5.7.2-1.1.el7ost.x86_64.rpm
collectd-sensors-5.7.2-1.1.el7ost.x86_64.rpm
collectd-smart-5.7.2-1.1.el7ost.x86_64.rpm
collectd-snmp-5.7.2-1.1.el7ost.x86_64.rpm
collectd-turbostat-5.7.2-1.1.el7ost.x86_64.rpm
collectd-utils-5.7.2-1.1.el7ost.x86_64.rpm
collectd-virt-5.7.2-1.1.el7ost.x86_64.rpm
collectd-web-5.7.2-1.1.el7ost.x86_64.rpm
collectd-write_http-5.7.2-1.1.el7ost.x86_64.rpm
collectd-write_sensu-5.7.2-1.1.el7ost.x86_64.rpm
collectd-write_tsdb-5.7.2-1.1.el7ost.x86_64.rpm
collectd-zookeeper-5.7.2-1.1.el7ost.x86_64.rpm
libcollectdclient-5.7.2-1.1.el7ost.x86_64.rpm
perl-Collectd-5.7.2-1.1.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7401
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is.

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
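A defender reading the collectd advisory above wants to know whether a host's network plugin is actually listening with the weak combination it names, SecurityLevel "None" together with an empty or absent AuthFile. The shell audit below is an added example, not Red Hat's or collectd's own code; the two sample configurations, their addresses and the auth-file path are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Red Hat's or collectd's code): audit a collectd
# configuration for the weak network-plugin settings named in RHSA-2017:1787,
# i.e. a <Listen> block that uses SecurityLevel "None" (collectd's default when
# the option is absent) or has no AuthFile. Sample configs below are constructed.

# Usage: audit_collectd_listen <collectd.conf>
# Prints "<address> <port> WEAK|OK ..." per <Listen> block.
# Returns 1 if any block is weak, 0 otherwise.
audit_collectd_listen() {
    awk '
        /^[ \t]*<Listen/ {
            inlisten = 1; level = "None"; auth = ""
            where = $0
            sub(/^[ \t]*<Listen[ \t]*/, "", where)   # drop the "<Listen " prefix
            sub(/>.*$/, "", where)                   # drop the closing ">"
            gsub(/"/, "", where)                     # "addr" "port" -> addr port
            next
        }
        inlisten && /^[ \t]*SecurityLevel/ { level = $2; gsub(/"/, "", level); next }
        inlisten && /^[ \t]*AuthFile/      { auth = $2;  gsub(/"/, "", auth);  next }
        inlisten && /^[ \t]*<\/Listen>/ {
            inlisten = 0
            if (level == "None" || auth == "") {
                print where, "WEAK level=" level " authfile=" (auth == "" ? "(none)" : auth)
                weak = 1
            } else {
                print where, "OK level=" level " authfile=" auth
            }
        }
        END { exit weak ? 1 : 0 }
    ' "$1"
}

# Constructed sample: the vulnerable combination described in the advisory.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
LoadPlugin network
<Plugin network>
  <Listen "0.0.0.0" "25826">
    SecurityLevel "None"
    AuthFile ""
  </Listen>
</Plugin>
EOF

# Constructed sample: encrypted listener backed by a credentials file.
HARD_CONF=$(mktemp)
cat > "$HARD_CONF" <<'EOF'
LoadPlugin network
<Plugin network>
  <Listen "192.0.2.10" "25826">
    SecurityLevel "Encrypt"
    AuthFile "/etc/collectd.d/auth_file"
  </Listen>
</Plugin>
EOF

audit_collectd_listen "$WEAK_CONF" || echo "weak listener found in $WEAK_CONF"
audit_collectd_listen "$HARD_CONF" && echo "no weak listener in $HARD_CONF"
```

Run it against /etc/collectd.conf and any file it includes; a non-zero exit status means at least one listener still carries the configuration the advisory describes.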
[RHSA-2017:1616-01] Important: kernel-rt security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2017:1616-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1616
Issue date: 2017-06-28
CVE Names: CVE-2017-1000364 CVE-2017-2583 CVE-2017-6214 CVE-2017-7477 CVE-2017-7645 CVE-2017-7895

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)

* A flaw was found in the way the Linux kernel allocates heap memory to build the scatter-gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff). The heap overflow occurred if the 'MAX_SKB_FRAGS + 1' parameter and the 'NETIF_F_FRAGLIST' feature were both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)

* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* A Linux kernel built with Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS, or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)

* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)

Red Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364; Ari Kauppi for reporting CVE-2017-7895; and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-514.25.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1452742)

* Previously, a local lock acquisition around the ip_send_unicast_reply() function was incorrectly terminated. Consequently, a list corruption occurred that led to a kernel panic. This update adds locking functions around calls to ip_send_unicast_reply(). As a result, neither list corruption nor kernel panic occur under the described circumstances. (BZ#1455239)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1414735 - CVE-2017-2583 Kernel: Kvm: vmx/svm potential privilege escalation inside guest
1426542 - CVE-2017-6214 kernel: ipv4/tcp: Infinite loop in tcp_splice_read()
1443615 - CVE-2017-7645 kernel: nfsd: Incorrect handling of long RPC replies
1445207 - CVE-2017-7477
[RHSA-2017:1615-01] Important: kernel security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:1615-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1615
Issue date: 2017-06-28
CVE Names: CVE-2017-2583 CVE-2017-6214 CVE-2017-7477 CVE-2017-7645 CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel allocates heap memory to build the scatter-gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff). The heap overflow occurred if the 'MAX_SKB_FRAGS + 1' parameter and the 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)

* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* The Linux kernel built with Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS, or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)

* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)

Red Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.

Bug Fix(es):

* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)

* If a directory on an NFS client was modified while being listed, the NFS client could restart the directory listing multiple times. Consequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)

* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and the FCoE adapter now reboots as expected. (BZ#1446246)

* When a VM with a Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver, and QEMU no longer crashes in the described situation. (BZ#1450855)

* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation.
[RHSA-2017:1596-01] Moderate: python-django security update
Red Hat Security Advisory

Synopsis: Moderate: python-django security update
Advisory ID: RHSA-2017:1596-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1596
Issue date: 2017-06-28
CVE Names: CVE-2017-7233

1. Summary:

An update for python-django is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

The following packages have been upgraded to a later upstream version: python-django (1.8.18). (BZ#1437737)

Security Fix(es):

* A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard. (CVE-2017-7233)

Red Hat would like to thank the Django project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1437234 - CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
python-django-1.8.18-1.el7ost.src.rpm

noarch:
python-django-1.8.18-1.el7ost.noarch.rpm
python-django-bash-completion-1.8.18-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7233
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is.

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:1659-01] Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update
Advisory ID: RHSA-2017:1659-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-1659.html
Issue date: 2017-06-28
CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-6304 CVE-2016-8610

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release includes bug fixes as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section.

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages.

Security Fix(es):

* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

* It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

* Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase
1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation
1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

5. References:

https://access.redhat.com/security/cve/CVE-2016-2177
https://access.redhat.com/security/cve/CVE-2016-2178
https://access.redhat.com/security/cve/CVE-2016-6304
https://access.redhat.com/security/cve/CVE-2016-8610
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2688611
https://access.redhat.com/solutions/222023
https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform=securityPatches=6.4

6. Contact:

The Red Hat security contact is.

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:1658-01] Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update
Advisory ID: RHSA-2017:1658-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1658
Issue date: 2017-06-28
CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-6304 CVE-2016-8610

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - i386, ppc64, x86_64
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - ppc64, x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release includes bug fixes as well as a new release of OpenSSL. For further information, see the knowledge base article linked to in the References section.

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Security Fix(es):

* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

* It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

* Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase
1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation
1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

6. Package List:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server:

Source:
jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.src.rpm

i386:
jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6.i686.rpm

ppc64:
jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6.ppc64.rpm
[RHSA-2017:1647-01] Important: kernel-rt security and bug fix update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2017:1647-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://access.redhat.com/errata/RHSA-2017:1647 Issue date:2017-06-28 CVE Names: CVE-2017-1000364 CVE-2017-6214 CVE-2017-7645 CVE-2017-7895 = 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) * The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. 
(CVE-2017-7645, Important) * The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) * A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate) Red Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364 and Ari Kauppi for reporting CVE-2017-7895. Bug Fix(es): * kernel-rt packages have been upgraded to the 3.10.0-514 source tree, which provides a number of bug fixes over the previous version. (BZ#1452745) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1426542 - CVE-2017-6214 kernel: ipv4/tcp: Infinite loop in tcp_splice_read() 1443615 - CVE-2017-7645 kernel: nfsd: Incorrect handling of long RPC replies 1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests 1452745 - update the MRG 2.5.z 3.10 kernel-rt sources 1452769 - HPE iLO remote console video goes blank after updating to kernel-rt-3.10.0-514.rt56.210.el6rt 1461333 - CVE-2017-1000364 kernel: heap/stack gap jumping via unbounded stack allocations 6. 
Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.0-514.rt56.228.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-514.rt56.228.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-514.rt56.228.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.228.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-514.rt56.228.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature
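A practitioner's check for the CVE-2017-1000364 mitigation in RHSA-2017:1647 above, added here as an example; it is not code from the advisory or from the kernel-rt package. It parses the /proc/<pid>/maps of a process and measures the unmapped space between the main-thread stack and the mapping directly below it, which is the distance a Stack Clash style jump has to cover. The maps text embedded below is constructed; the 1 MiB threshold assumes the post-fix default of 256 pages for the kernel's stack_guard_gap boot parameter and a 4 KiB page size.

```python
"""Measure the guard gap below the main-thread stack from /proc/<pid>/maps.

Before the CVE-2017-1000364 fix the kernel kept only one page between the
stack and the next mapping; the fix raises the default (stack_guard_gap)
to 256 pages = 1 MiB. On a patched kernel the stack may not grow into that
gap and mmap() will not place a mapping inside it, so the free space
between [stack] and its lower neighbour should never drop below it.
Added example, not kernel or advisory code.
"""
import re
import sys

PAGE_SIZE = 4096
# Default stack_guard_gap after the fix (256 pages); an assumption about
# the deployed kernel, see the lead-in.
EXPECTED_GAP = 256 * PAGE_SIZE

# address range, perms, offset, dev, inode, optional pathname
_MAPS_LINE = re.compile(
    r'^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$')

# Constructed sample: a patched kernel, roughly 130 MiB between the last
# anonymous mapping and the stack.
SAMPLE_PATCHED = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/victim
00600000-00601000 rw-p 00000000 08:01 1234 /usr/bin/victim
01e00000-01e21000 rw-p 00000000 00:00 0 [heap]
7ffff7a00000-7ffff7bc0000 r-xp 00000000 08:01 5678 /usr/lib64/libc-2.12.so
7ffff7dd0000-7ffff7dd2000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed sample: a single page between an anonymous mapping and the
# stack, i.e. the pre-fix one-page gap that Stack Clash jumps over.
SAMPLE_ONE_PAGE = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/victim
7ffffffdc000-7ffffffdd000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Return a list of (start, end, perms, path) tuples sorted by start."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3), m.group(4)))
    return sorted(regions)


def stack_gap(regions):
    """Bytes of unmapped space below [stack] and the neighbour's path.

    Returns None when there is no [stack] region or nothing lies below it.
    """
    for i, (start, _end, _perms, path) in enumerate(regions):
        if path == '[stack]':
            if i == 0:
                return None
            below = regions[i - 1]
            return start - below[1], below[3]
    return None


def guard_gap_ok(regions, minimum=EXPECTED_GAP):
    """True if the observed gap is at least `minimum` bytes."""
    gap = stack_gap(regions)
    return gap is not None and gap[0] >= minimum


if __name__ == '__main__':
    # Live check of the current process (Linux only).
    with open('/proc/self/maps') as f:
        live = parse_maps(f.read())
    gap = stack_gap(live)
    if gap is None:
        sys.exit('no [stack] mapping found')
    print('gap below stack: %d bytes (neighbour: %s)'
          % (gap[0], gap[1] or '<anonymous>'))
    sys.exit(0 if guard_gap_ok(live) else 1)
```

Run as a script it checks its own process and exits 1 if the gap is short. The value read from maps is current free space, not a kernel setting: a patched kernel keeps both stack growth and mmap() out of the gap, so a reading under 1 MiB on such a kernel should never occur, but a large reading alone does not prove the kernel enforces anything. The kernel version in the Package List remains the authoritative check, and this only covers the main thread; thread stacks are ordinary mappings with their own guard pages.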
[RHSA-2017:1597-01] Important: openstack-keystone security, bug fix, and enhancement update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Important: openstack-keystone security, bug fix, and enhancement update Advisory ID: RHSA-2017:1597-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2017:1597 Issue date:2017-06-28 CVE Names: CVE-2017-2673 = 1. Summary: An update for openstack-keystone is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 10.0 - noarch 3. Description: The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone (10.0.1). (BZ#1431715) Security Fix(es): * An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles. (CVE-2017-2673) Red Hat would like to thank the Openstack project for reporting this issue. Upstream acknowledges Boris Bobrov (Mail.Ru) as the original reporter. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1431715 - Rebase openstack-keystone to stable/newton hash 5eba745 1439586 - CVE-2017-2673 openstack-keystone: Incorrect role assignment with federated Keystone 6. Package List: Red Hat OpenStack Platform 10.0: Source: openstack-keystone-10.0.1-3.el7ost.src.rpm noarch: openstack-keystone-10.0.1-3.el7ost.noarch.rpm python-keystone-10.0.1-3.el7ost.noarch.rpm python-keystone-tests-10.0.1-3.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-2673 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZVBGtXlSAg2UNWIIRAh/zAKCUqlT25iOB1f4A52h//S3jjBpWxACghwnO TQegxajev7nmpk4a4M7yUIc= =e67B -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1598-01] Low: python-django-horizon security, bug fix, and enhancement update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Low: python-django-horizon security, bug fix, and enhancement update Advisory ID: RHSA-2017:1598-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2017:1598 Issue date:2017-06-28 CVE Names: CVE-2017-7400 = 1. Summary: An update for python-django-horizon is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 10.0 - noarch 3. Description: OpenStack Dashboard (horizon) provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a later upstream version: python-django-horizon (10.0.3). (BZ#1432289, BZ#1454330) Security Fix(es): * A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard. (CVE-2017-7400) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1408777 - Default admin user from default domain does not have Domains tab in Horizon Web Interface. 1414997 - modifying any quota in horizon triggers cinder to update gigabytes = null. Results in horizon error. 1427328 - System info tab in horiozon does not display correct version. 
1432036 - Password revealing icon (eyeball) is in the wrong place 1432245 - Cannot create volume from image if cinder v1 service deleted 1432289 - Rebase python-django-horizon to 10.0.3 1439626 - CVE-2017-7400 python-django-horizon: XSS in federation mappings UI 1454330 - Rebase python-django-horizon to 9dda5a 6. Package List: Red Hat OpenStack Platform 10.0: Source: python-django-horizon-10.0.3-6.el7ost.src.rpm noarch: openstack-dashboard-10.0.3-6.el7ost.noarch.rpm openstack-dashboard-theme-10.0.3-6.el7ost.noarch.rpm python-django-horizon-10.0.3-6.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7400 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZVBG6XlSAg2UNWIIRAqXpAJ4i5DYk4s6EqVcTXLYPnaH9ORfYgACfdx43 /Yd3SgF/XczsuU9JNzOGIAM= =5o3S -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1595-01] Moderate: openstack-nova and python-novaclient security, bug fix, and enhancement update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Moderate: openstack-nova and python-novaclient security, bug fix, and enhancement update Advisory ID: RHSA-2017:1595-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2017:1595 Issue date:2017-06-28 CVE Names: CVE-2017-7214 = 1. Summary: An update for openstack-nova and python-novaclient is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: OpenStack 10.0 Tools for RHEL 7 - noarch Red Hat OpenStack Platform 10.0 - noarch 3. Description: OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. python-novaclient is the python client for the OpenStack Nova API. The client's Python API (the novaclient module) and command-line script (nova) both implement 100% of the OpenStack Nova API. The following packages have been upgraded to a later upstream version: python-novaclient (6.0.0), openstack-nova (14.0.6). (BZ#1421265, BZ#1431802, BZ#1429924, BZ#1454629, BZ#1454630) Security Fix(es): * An information exposure issue was discovered in OpenStack Compute's exception_wrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens. (CVE-2017-7214) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1420880 - libvirt overwrites externally set vlan tags in macvtap passthrough VFs since 2.x so Nova needs to craft the XML to include vlan tag 1421265 - nova-manage db sync broke between RHOSP 9 => RHOSP 10 update 1429924 - Rebase openstack-nova to 14.0.4 1431802 - Rebase openstack-nova to upstream/stable/newton hash b8f209 1434844 - CVE-2017-7214 openstack-nova: Sensitive information included in legacy notification exception contexts 1436266 - Microversion 2.37 break 2.32 usage 1448002 - LibvirtError happens when put instance from pause to active status 1454629 - Rebase openstack-nova to 14.0.5 1454630 - Rebase openstack-nova to 14.0.6 6. Package List: OpenStack 10.0 Tools for RHEL 7: Source: python-novaclient-6.0.0-3.el7ost.src.rpm noarch: python-novaclient-6.0.0-3.el7ost.noarch.rpm Red Hat OpenStack Platform 10.0: Source: openstack-nova-14.0.6-2.el7ost.src.rpm python-novaclient-6.0.0-3.el7ost.src.rpm noarch: openstack-nova-14.0.6-2.el7ost.noarch.rpm openstack-nova-api-14.0.6-2.el7ost.noarch.rpm openstack-nova-cells-14.0.6-2.el7ost.noarch.rpm openstack-nova-cert-14.0.6-2.el7ost.noarch.rpm openstack-nova-common-14.0.6-2.el7ost.noarch.rpm openstack-nova-compute-14.0.6-2.el7ost.noarch.rpm openstack-nova-conductor-14.0.6-2.el7ost.noarch.rpm openstack-nova-console-14.0.6-2.el7ost.noarch.rpm openstack-nova-migration-14.0.6-2.el7ost.noarch.rpm openstack-nova-network-14.0.6-2.el7ost.noarch.rpm openstack-nova-novncproxy-14.0.6-2.el7ost.noarch.rpm openstack-nova-placement-api-14.0.6-2.el7ost.noarch.rpm openstack-nova-scheduler-14.0.6-2.el7ost.noarch.rpm openstack-nova-serialproxy-14.0.6-2.el7ost.noarch.rpm openstack-nova-spicehtml5proxy-14.0.6-2.el7ost.noarch.rpm python-nova-14.0.6-2.el7ost.noarch.rpm python-nova-tests-14.0.6-2.el7ost.noarch.rpm 
python-novaclient-6.0.0-3.el7ost.noarch.rpm OpenStack 10.0 Tools for RHEL 7: Source: python-novaclient-6.0.0-3.el7ost.src.rpm noarch: python-novaclient-6.0.0-3.el7ost.noarch.rpm OpenStack 10.0 Tools for RHEL 7: Source: python-novaclient-6.0.0-3.el7ost.src.rpm noarch: python-novaclient-6.0.0-3.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7214 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1
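Two helpers around the CVE-2017-7214 fix in RHSA-2017:1595 above, added here as an example; neither is nova's own code (upstream nova relies on oslo_utils.strutils.mask_dict_password for the scrubbing). The first scrubs a call context before it goes into an ERROR record, which is what the exception_wrapper path failed to do; the second is the detection side, a scan of existing log lines for contexts that were written unmasked, so an operator can tell whether tokens or passwords already leaked before the update was applied. The key list, the log lines, the request id and the token value are constructed.

```python
"""Keep credentials out of ERROR-level exception logs.

CVE-2017-7214: nova's legacy notification path logged the full argument
context of a failed call, and that context can carry an admin password or
the caller's Keystone token. Added example, not nova code.
"""
import json
import re

# Key names treated as secrets (case-insensitive). Constructed list; extend
# it for the call paths in use.
SENSITIVE_KEYS = frozenset((
    'password', 'admin_password', 'admin_pass', 'new_pass', 'os_password',
    'auth_token', 'token', 'x-auth-token', 'x-subject-token',
    'secret', 'secret_key', 'secret_uuid',
))
MASK = '***'


def mask_sensitive(value):
    """Return a deep copy of `value` with secret-named entries replaced.

    Handles nested dicts, lists and tuples; other values pass through.
    Empty or None secrets are left alone so the log still shows they
    were unset.
    """
    if isinstance(value, dict):
        out = {}
        for key, item in value.items():
            if str(key).lower() in SENSITIVE_KEYS and item not in (None, ''):
                out[key] = MASK
            else:
                out[key] = mask_sensitive(item)
        return out
    if isinstance(value, (list, tuple)):
        return type(value)(mask_sensitive(item) for item in value)
    return value


def format_exception_context(function, args, kwargs, exc):
    """Build the ERROR-log payload for a failed call, with secrets masked."""
    payload = {
        'function': function,
        'args': mask_sensitive(list(args)),
        'kwargs': mask_sensitive(kwargs),
        'exception': '%s: %s' % (type(exc).__name__, exc),
    }
    return json.dumps(payload, sort_keys=True)


# Matches "auth_token": "value", password: value, token=value and so on,
# capturing the value so already-masked entries can be ignored.
_SECRET_PAIR = re.compile(
    r'''["']?(?:auth_token|x-auth-token|x-subject-token|token|'''
    r'''admin_password|password|secret)["']?\s*[:=]\s*["']?([^"',\s}\]]+)''',
    re.IGNORECASE)


def find_unmasked_secrets(log_text):
    """Return (line_number, matched_text) for every unmasked secret value."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for m in _SECRET_PAIR.finditer(line):
            if m.group(1) != MASK:
                hits.append((lineno, m.group(0)))
    return hits


# Constructed log lines in nova's format: the first is what an unpatched
# service writes, the second what the masked payload looks like.
LOG_SAMPLE = (
    '2017-06-28 10:12:01.123 4321 ERROR nova.compute.manager '
    '[req-0b7e3d4c-6d2a-4f0e-9c51-2b8e6a1f7d90 - - - - -] Exception during '
    'message handling: {"function": "rebuild_instance", "kwargs": '
    '{"admin_password": "hunter2", "context": {"auth_token": '
    '"gAAAAABZU3deadbeefCAFEbabe", "user_id": "4f1c"}}}\n'
    '2017-06-28 10:12:05.456 4321 ERROR nova.compute.manager '
    '[req-0b7e3d4c-6d2a-4f0e-9c51-2b8e6a1f7d90 - - - - -] Exception during '
    'message handling: {"function": "rebuild_instance", "kwargs": '
    '{"admin_password": "***", "context": {"auth_token": "***", '
    '"user_id": "4f1c"}}}\n'
)
```

A leaked Keystone token stays usable until it expires or is revoked, so hits from the scan are a credential-rotation task and not only a logging defect; the same applies to an admin password handed to an instance operation. Keep the key list in one place shared by every logging path, or invert it into an allow-list of fields that may be logged, which is stricter still.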
[RHSA-2017:1664-01] Low: Red Hat Enterprise Linux 6.2 Advanced Mission Critical 6-Month Notice
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 6.2 Advanced Mission Critical 6-Month Notice Advisory ID: RHSA-2017:1664-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1664 Issue date:2017-06-29 = 1. Summary: This is the six-month notification for the retirement of Red Hat Enterprise Linux 6.2 Advanced Mission Critical (AMC). This notification applies only to those customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 6.2. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017. In addition, on-going technical support through Red Hat's Customer Experience and Engagement will be limited as described under "non-current minor releases" in the Knowledge Base article located here https://access.redhat.com/articles/64664 after this date. We encourage customers to migrate from Red Hat Enterprise Linux 6.2 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release package that provides a copy of this retirement notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 
6.2): Source: redhat-release-server-6Server-6.2.0.8.el6_2.src.rpm x86_64: redhat-release-server-6Server-6.2.0.8.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 6. References: https://access.redhat.com/security/updates/classification/#low 7. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZVRlbXlSAg2UNWIIRAnbdAKCadHfVQzpXtC1wm3pEovD8kf2cZQCePO3e DlsgS029JvE2o4+GxhZizn8= =Z+mB -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1676-01] Moderate: Red Hat JBoss BRMS security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss BRMS security update Advisory ID: RHSA-2017:1676-01 Product: Red Hat JBoss BRMS Advisory URL: https://access.redhat.com/errata/RHSA-2017:1676 Issue date:2017-07-04 CVE Names: CVE-2016-6346 CVE-2016-9606 CVE-2017-5929 = 1. Summary: An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.4 serves as a replacement for Red Hat JBoss BRMS 6.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack. (CVE-2016-6346) * It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606) * It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains. 
(CVE-2017-5929) Red Hat would like to thank Mikhail Egorov (Odin) for reporting CVE-2016-6346 and Moritz Bechler (AgNO3 GmbH & Co. KG) for reporting CVE-2016-9606. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1372120 - CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack 1400644 - CVE-2016-9606 Resteasy: Yaml unmarshalling vulnerable to RCE 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 5. References: https://access.redhat.com/security/cve/CVE-2016-6346 https://access.redhat.com/security/cve/CVE-2016-9606 https://access.redhat.com/security/cve/CVE-2017-5929 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms=securityPatches=6.4 6. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZW9iTXlSAg2UNWIIRAkbRAJ95DW4HJ15H9bHa4QApN/xCXa43bACfUotk p95+a2C20HpY01RWm/JoZfA= =YV1H -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1675-01] Moderate: Red Hat JBoss BPM Suite security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss BPM Suite security update Advisory ID: RHSA-2017:1675-01 Product: Red Hat JBoss BPM Suite Advisory URL: https://access.redhat.com/errata/RHSA-2017:1675 Issue date:2017-07-04 CVE Names: CVE-2016-6346 CVE-2016-9606 CVE-2017-5929 = 1. Summary: An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.4 serves as a replacement for Red Hat JBoss BPM Suite 6.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack. (CVE-2016-6346) * It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606) * It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains. 
(CVE-2017-5929) Red Hat would like to thank Mikhail Egorov (Odin) for reporting CVE-2016-6346 and Moritz Bechler (AgNO3 GmbH & Co. KG) for reporting CVE-2016-9606. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1372120 - CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack 1400644 - CVE-2016-9606 Resteasy: Yaml unmarshalling vulnerable to RCE 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 5. References: https://access.redhat.com/security/cve/CVE-2016-6346 https://access.redhat.com/security/cve/CVE-2016-9606 https://access.redhat.com/security/cve/CVE-2017-5929 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite=securityPatches=6.4 6. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZW9iIXlSAg2UNWIIRAmSbAJwPHL02TQDQzcfEYMEN4IGi65Ox5QCfVc8M LeTvX1KTJxJ2BWveiuOJbZs= =TmO3 -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1678-01] Moderate: rh-postgresql94-postgresql security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Moderate: rh-postgresql94-postgresql security update Advisory ID: RHSA-2017:1678-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:1678 Issue date:2017-07-05 CVE Names: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 = 1. Summary: An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql (9.4.12). (BZ#1449705) Security Fix(es): * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. 
A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; Daniel Gustafsson as the original reporter of CVE-2017-7485; and Andrew Wheelwright as the original reporter of CVE-2017-7486. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 If the postgresql service is running, it will be automatically restarted after installing this update. 5. Bugs fixed (https://bugzilla.redhat.com/): 1448078 - CVE-2017-7484 postgresql: Selectivity estimators bypass SELECT privilege checks 1448086 - CVE-2017-7485 postgresql: libpq ignores PGREQUIRESSL environment variable 1448089 - CVE-2017-7486 postgresql: pg_user_mappings view discloses foreign server passwords 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6): Source: rh-postgresql94-postgresql-9.4.12-1.el6.src.rpm x86_64: rh-postgresql94-postgresql-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-plperl-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-plpython-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-pltcl-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-server-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-static-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-test-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-upgrade-9.4.12-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-postgresql94-postgresql-9.4.12-1.el6.src.rpm x86_64: rh-postgresql94-postgresql-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-contrib-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-debuginfo-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-devel-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-docs-9.4.12-1.el6.x86_64.rpm rh-postgresql94-postgresql-libs-9.4.12-1.el6.x86_64.rpm
[RHSA-2017:1677-01] Moderate: rh-postgresql95-postgresql security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Red Hat Security Advisory Synopsis: Moderate: rh-postgresql95-postgresql security update Advisory ID: RHSA-2017:1677-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:1677 Issue date:2017-07-05 CVE Names: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 = 1. Summary: An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql (9.5.7). (BZ#1449701) Security Fix(es): * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. 
A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; Daniel Gustafsson as the original reporter of CVE-2017-7485; and Andrew Wheelwright as the original reporter of CVE-2017-7486. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 If the postgresql service is running, it will be automatically restarted after installing this update. 5. Bugs fixed (https://bugzilla.redhat.com/): 1448078 - CVE-2017-7484 postgresql: Selectivity estimators bypass SELECT privilege checks 1448086 - CVE-2017-7485 postgresql: libpq ignores PGREQUIRESSL environment variable 1448089 - CVE-2017-7486 postgresql: pg_user_mappings view discloses foreign server passwords 1452734 - Broken upgrade 'postgresql-setup --upgrade --upgrade-from=postgresql92-postgresql' 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6): Source: rh-postgresql95-postgresql-9.5.7-2.el6.src.rpm x86_64: rh-postgresql95-postgresql-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-contrib-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-debuginfo-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-devel-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-docs-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-libs-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-plperl-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-plpython-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-pltcl-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-server-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-static-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-test-9.5.7-2.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-postgresql95-postgresql-9.5.7-2.el6.src.rpm x86_64: rh-postgresql95-postgresql-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-contrib-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-debuginfo-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-devel-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-docs-9.5.7-2.el6.x86_64.rpm rh-postgresql95-postgresql-libs-9.5.7-2.el6.x86_64.rpm
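The libpq issue above (CVE-2017-7485) is a client-side configuration trap: a client that relied on PGREQUIRESSL alone got plaintext connections from an unpatched libpq, and even a patched one only maps PGREQUIRESSL to sslmode=require, which encrypts but never verifies the server certificate. The following audit script is an added example, not Red Hat's or the PostgreSQL project's code. It models the documented libpq precedence (connection-string sslmode, then PGSSLMODE, then the legacy PGREQUIRESSL=1, then the built-in default "prefer"; the 9.5.7 fix deliberately ranks PGREQUIRESSL below PGSSLMODE) and flags clients whose only TLS control is the legacy variable. Function names, the sample connection string and the environment are this example's own.

```python
"""Audit how a libpq client ends up choosing its sslmode.

Added example (not libpq's code). The precedence below is the documented one:
conninfo sslmode > PGSSLMODE > PGREQUIRESSL=1 (legacy, maps to "require") >
built-in default "prefer". Names and sample inputs are constructed.
"""
import re

DEFAULT_SSLMODE = "prefer"
# Modes that actually force TLS; "prefer"/"allow"/"disable" can be downgraded.
ENFORCING_MODES = {"require", "verify-ca", "verify-full"}
# Only these modes authenticate the server; "require" encrypts but does not
# verify the certificate, so an active attacker can still impersonate the server.
VERIFYING_MODES = {"verify-ca", "verify-full"}


def parse_conninfo(conninfo: str) -> dict:
    """Parse a keyword=value libpq connection string (simple quoting only)."""
    params = {}
    for key, value in re.findall(r"(\w+)\s*=\s*('[^']*'|\S+)", conninfo):
        params[key] = value.strip("'")
    return params


def effective_sslmode(conninfo: str, env: dict) -> tuple:
    """Return (sslmode, source) for the given connection string and environment."""
    params = parse_conninfo(conninfo)
    if "sslmode" in params:
        return params["sslmode"], "conninfo"
    if env.get("PGSSLMODE"):
        return env["PGSSLMODE"], "PGSSLMODE"
    if env.get("PGREQUIRESSL") == "1":
        # Patched libpq maps this to "require"; the vulnerable builds ignored it.
        return "require", "PGREQUIRESSL"
    return DEFAULT_SSLMODE, "default"


def audit(conninfo: str, env: dict, libpq_patched: bool) -> list:
    """Return a list of findings; an empty list means TLS is enforced and verified."""
    findings = []
    mode, source = effective_sslmode(conninfo, env)
    if source == "PGREQUIRESSL" and not libpq_patched:
        findings.append("PGREQUIRESSL is the only TLS control and this libpq ignores it: "
                        "connections may be plaintext (CVE-2017-7485)")
    if mode not in ENFORCING_MODES:
        findings.append(f"sslmode={mode} ({source}) does not force TLS")
    elif mode not in VERIFYING_MODES:
        findings.append(f"sslmode={mode} encrypts but does not verify the server "
                        "certificate; use verify-full with sslrootcert")
    return findings


def hardened_conninfo(conninfo: str, sslrootcert: str) -> str:
    """Rewrite a connection string so TLS and certificate verification are explicit."""
    params = parse_conninfo(conninfo)
    params["sslmode"] = "verify-full"
    params["sslrootcert"] = sslrootcert
    return " ".join(f"{k}={v}" for k, v in params.items())


if __name__ == "__main__":
    # Constructed sample: a client that relied on the legacy environment variable.
    env = {"PGREQUIRESSL": "1"}
    dsn = "host=db.example.internal dbname=app user=app"
    for finding in audit(dsn, env, libpq_patched=False):
        print("finding:", finding)
    print(hardened_conninfo(dsn, "/etc/pki/tls/certs/db-ca.pem"))
```

The point of ranking the modes is that updating libpq closes the silent-downgrade bug but leaves "require" as the ceiling for PGREQUIRESSL users; pinning sslmode=verify-full and sslrootcert in the connection string removes the dependence on the environment altogether.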
[RHSA-2017:1680-01] Important: bind security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Hat Security Advisory

Synopsis: Important: bind security and bug fix update
Advisory ID: RHSA-2017:1680-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1680
Issue date: 2017-07-05
CVE Names: CVE-2017-3142 CVE-2017-3143

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143)

* A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142)

Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues.

Bug Fix(es):

* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459649)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit unauthorized zone transfers
1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: bind-9.9.4-50.el7_3.1.src.rpm
noarch: bind-license-9.9.4-50.el7_3.1.noarch.rpm
x86_64: bind-debuginfo-9.9.4-50.el7_3.1.i686.rpm bind-debuginfo-9.9.4-50.el7_3.1.x86_64.rpm bind-libs-9.9.4-50.el7_3.1.i686.rpm bind-libs-9.9.4-50.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-50.el7_3.1.i686.rpm bind-libs-lite-9.9.4-50.el7_3.1.x86_64.rpm bind-utils-9.9.4-50.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bind-9.9.4-50.el7_3.1.x86_64.rpm bind-chroot-9.9.4-50.el7_3.1.x86_64.rpm bind-debuginfo-9.9.4-50.el7_3.1.i686.rpm bind-debuginfo-9.9.4-50.el7_3.1.x86_64.rpm bind-devel-9.9.4-50.el7_3.1.i686.rpm bind-devel-9.9.4-50.el7_3.1.x86_64.rpm bind-lite-devel-9.9.4-50.el7_3.1.i686.rpm bind-lite-devel-9.9.4-50.el7_3.1.x86_64.rpm bind-pkcs11-9.9.4-50.el7_3.1.x86_64.rpm bind-pkcs11-devel-9.9.4-50.el7_3.1.i686.rpm bind-pkcs11-devel-9.9.4-50.el7_3.1.x86_64.rpm bind-pkcs11-libs-9.9.4-50.el7_3.1.i686.rpm bind-pkcs11-libs-9.9.4-50.el7_3.1.x86_64.rpm bind-pkcs11-utils-9.9.4-50.el7_3.1.x86_64.rpm bind-sdb-9.9.4-50.el7_3.1.x86_64.rpm bind-sdb-chroot-9.9.4-50.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: bind-9.9.4-50.el7_3.1.src.rpm
noarch: bind-license-9.9.4-50.el7_3.1.noarch.rpm
x86_64: bind-debuginfo-9.9.4-50.el7_3.1.i686.rpm bind-debuginfo-9.9.4-50.el7_3.1.x86_64.rpm bind-libs-9.9.4-50.el7_3.1.i686.rpm bind-libs-9.9.4-50.el7_3.1.x86_64.rpm bind-libs-lite-9.9.4-50.el7_3.1.i686.rpm bind-libs-lite-9.9.4-50.el7_3.1.x86_64.rpm bind-utils-9.9.4-50.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
[RHSA-2017:1679-01] Important: bind security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Hat Security Advisory

Synopsis: Important: bind security and bug fix update
Advisory ID: RHSA-2017:1679-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1679
Issue date: 2017-07-05
CVE Names: CVE-2017-3142 CVE-2017-3143

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143)

* A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142)

Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues.

Bug Fix(es):

* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458234)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1466189 - CVE-2017-3142 bind: An error in TSIG authentication can permit unauthorized zone transfers
1466193 - CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: bind-9.8.2-0.62.rc1.el6_9.4.src.rpm
i386: bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-utils-9.8.2-0.62.rc1.el6_9.4.i686.rpm
x86_64: bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: bind-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-chroot-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-sdb-9.8.2-0.62.rc1.el6_9.4.i686.rpm
x86_64: bind-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-chroot-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-devel-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-sdb-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: bind-9.8.2-0.62.rc1.el6_9.4.src.rpm
x86_64: bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: bind-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-chroot-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.i686.rpm bind-debuginfo-9.8.2-0.62.rc1.el6_9.4.x86_64.rpm bind-devel-9.8.2-0.62.rc1.el6_9.4.i686.rpm
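Both BIND advisories above (RHSA-2017:1680 for RHEL 7 and RHSA-2017:1679 for RHEL 6) describe the same pair of flaws: an error in TSIG verification let a request be accepted as authentic when it was not, yielding unauthorized zone transfers (CVE-2017-3142) and unauthorized dynamic updates (CVE-2017-3143). The advisories do not say how the check failed, so the block below does not reproduce the defect; it is an added reference model, not BIND's code, of what a TSIG verifier (RFC 2845, with the RFC 4635 HMAC-SHA256 algorithm) has to get right: look the key up, recompute the MAC over the unsigned message plus the TSIG variables, compare it in constant time, treat a missing or short MAC as a failure rather than a skip, and only then apply the time/fudge window. The message bytes, key name and secret are constructed for the example.

```python
"""Reference model of TSIG request signing and verification (RFC 2845 / RFC 4635).

Added example, not BIND's code. The DNS message here is the unsigned request
(no TSIG RR appended, so ARCOUNT needs no adjustment); names, key and secret
are constructed.
"""
import hashlib
import hmac
import struct

TSIG_CLASS_ANY = 255
ALGORITHMS = {"hmac-sha256.": hashlib.sha256, "hmac-md5.sig-alg.reg.int.": hashlib.md5}


def encode_name(name: str) -> bytes:
    """Wire-format a domain name (uncompressed, lower-cased, as RFC 2845 requires)."""
    out = b""
    for label in name.strip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.lower().encode("ascii")
    return out + b"\x00"


def tsig_variables(keyname, algorithm, time_signed, fudge, error=0, other=b""):
    """The TSIG RR fields that the MAC covers (RFC 2845 section 3.4.2)."""
    return (encode_name(keyname)
            + struct.pack("!HI", TSIG_CLASS_ANY, 0)          # class ANY, TTL 0
            + encode_name(algorithm)
            + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)  # 48-bit time
            + struct.pack("!HHH", fudge, error, len(other)) + other)


def compute_mac(secret, algorithm, message, keyname, time_signed, fudge):
    """HMAC over the unsigned message followed by the TSIG variables."""
    data = message + tsig_variables(keyname, algorithm, time_signed, fudge)
    return hmac.new(secret, data, ALGORITHMS[algorithm]).digest()


def sign(message, keyname, secret, time_signed, fudge=300, algorithm="hmac-sha256."):
    """Return the TSIG fields a client would place in the additional section."""
    return {"keyname": keyname, "algorithm": algorithm, "time_signed": time_signed,
            "fudge": fudge,
            "mac": compute_mac(secret, algorithm, message, keyname, time_signed, fudge)}


def verify(message, tsig, keys, now):
    """Return the TSIG error name ("NOERROR" when the request is authentic).

    Order matters: key and MAC are checked before the time window, so nothing
    is ever accepted, or acted on, on the strength of a time check alone, and
    an empty or truncated MAC is a BADSIG, never a skipped check.
    """
    secret = keys.get(tsig["keyname"].lower())
    if secret is None or tsig["algorithm"] not in ALGORITHMS:
        return "BADKEY"
    expected = compute_mac(secret, tsig["algorithm"], message, tsig["keyname"],
                           tsig["time_signed"], tsig["fudge"])
    mac = tsig["mac"]
    if len(mac) != len(expected) or not hmac.compare_digest(mac, expected):
        return "BADSIG"
    if abs(now - tsig["time_signed"]) > tsig["fudge"]:
        return "BADTIME"
    return "NOERROR"


# Constructed sample: an AXFR query for example.test (header ID 0x1234, QDCOUNT 1,
# then the question) signed with a key shared between the secondary and the primary.
SAMPLE_MESSAGE = (struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0)
                  + encode_name("example.test") + struct.pack("!HH", 252, 1))
SAMPLE_KEYS = {"xfer-key.": b"constructed-shared-secret-not-for-production"}

if __name__ == "__main__":
    t = 1499212800
    req = sign(SAMPLE_MESSAGE, "xfer-key.", SAMPLE_KEYS["xfer-key."], t)
    print(verify(SAMPLE_MESSAGE, req, SAMPLE_KEYS, now=t + 10))              # NOERROR
    print(verify(SAMPLE_MESSAGE, dict(req, mac=b""), SAMPLE_KEYS, now=t))    # BADSIG
```

Two operational caveats follow from the advisories rather than from the model. First, a TSIG key should not be the only gate on a zone: keep allow-transfer and allow-update restricted by address as well as by key, so that a verification bug is not reachable from arbitrary hosts. Second, after updating, confirm from an unauthorized address that `dig @<server> <zone> AXFR` is refused and that an unsigned nsupdate is rejected; the update fixes the check, the test confirms the policy.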
[RHSA-2017:1682-01] Important: qemu-kvm-rhev security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Hat Security Advisory

Synopsis: Important: qemu-kvm-rhev security and bug fix update
Advisory ID: RHSA-2017:1682-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1682
Issue date: 2017-07-05
CVE Names: CVE-2017-9524

1. Summary:

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Management Agent for RHEL 7 Hosts - ppc64le, x86_64
RHEV-H and VDSM for 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es):

* Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server (denial of service). (CVE-2017-9524)

Bug Fix(es):

* Previously, when the data plane was in use, changing the target image of a virtual SCSI CD device caused the guest to terminate unexpectedly with a core dump. With this update, the virtio-scsi bus rejects SCSI CDs when the data plane is active, which prevents the crash from occurring. Note that this is a temporary solution, and a full fix to make the data plane and SCSI CD compatible will be provided in the future. (BZ#1461837)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1460170 - CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation
1461837 - Core dump when use "data-plane" and execute change cd

6. Package List:

Management Agent for RHEL 7 Hosts:
Source: qemu-kvm-rhev-2.6.0-28.el7_3.12.src.rpm
ppc64le: qemu-img-rhev-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-common-rhev-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-rhev-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.ppc64le.rpm
x86_64: qemu-img-rhev-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-common-rhev-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-rhev-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.x86_64.rpm

RHEV-H and VDSM for 7 Hosts:
Source: qemu-kvm-rhev-2.6.0-28.el7_3.12.src.rpm
ppc64le: qemu-img-rhev-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-common-rhev-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-rhev-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.ppc64le.rpm qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.ppc64le.rpm
x86_64: qemu-img-rhev-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-common-rhev-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-rhev-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.12.x86_64.rpm qemu-kvm-tools-rhev-2.6.0-28.el7_3.12.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-9524
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZXMh+XlSAg2UNWIIRAkYDAKChxVWK6GK9T6b9up61ksd8p3Tz/ACfTlgA
o+QSOB8MxHhFvYLQjK2auko=
=HkKC
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:1681-01] Important: qemu-kvm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Hat Security Advisory

Synopsis: Important: qemu-kvm security update
Advisory ID: RHSA-2017:1681-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1681
Issue date: 2017-07-05
CVE Names: CVE-2017-9524

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server (denial of service). (CVE-2017-9524)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1460170 - CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: qemu-kvm-1.5.3-126.el7_3.10.src.rpm
x86_64: qemu-img-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.10.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: qemu-kvm-1.5.3-126.el7_3.10.src.rpm
x86_64: qemu-img-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: qemu-kvm-1.5.3-126.el7_3.10.src.rpm
ppc64: qemu-img-1.5.3-126.el7_3.10.ppc64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.10.ppc64.rpm
ppc64le: qemu-img-1.5.3-126.el7_3.10.ppc64le.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.10.ppc64le.rpm
x86_64: qemu-img-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: qemu-kvm-1.5.3-126.el7_3.10.src.rpm
x86_64: qemu-img-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-common-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-debuginfo-1.5.3-126.el7_3.10.x86_64.rpm qemu-kvm-tools-1.5.3-126.el7_3.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-9524
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZXMhWXlSAg2UNWIIRAvdcAJ4urVUBx0tkyHKe+zLAzuM8I7fD0ACcDAlN
1aD0i9ZEUbI21Q8ihTuWhSA=
=TE+9
-----END PGP SIGNATURE-----
[RHSA-2017:1685-01] Important: ansible security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Hat Security Advisory

Synopsis: Important: ansible security, bug fix, and enhancement update
Advisory ID: RHSA-2017:1685-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1685
Issue date: 2017-07-06
CVE Names: CVE-2016-8647 CVE-2016-9587 CVE-2017-7466

1. Summary:

An update for ansible is now available for RHEV Engine version 4.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHV-M 4.1 - noarch

3. Description:

Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

The following packages have been upgraded to a later upstream version: ansible (2.3.0.0). (BZ#1446527)

Security Fix(es):

* An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. (CVE-2016-9587)

* An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. (CVE-2017-7466)

* An input validation vulnerability was found in Ansible's mysql_user module which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. (CVE-2016-8647)

The CVE-2017-7466 issue was discovered by Evgeni Golov (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1396174 - CVE-2016-8647 Ansible: in some circumstances the mysql_user module may fail to correctly change a password
1404378 - CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller
1439212 - CVE-2017-7466 ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587)
1446527 - Upgrade ansible to version 2.3.0.0

6. Package List:

RHV-M 4.1:
Source: ansible-2.3.0.0-4.el7.src.rpm
noarch: ansible-2.3.0.0-4.el7.noarch.rpm ansible-doc-2.3.0.0-4.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-8647
https://access.redhat.com/security/cve/CVE-2016-9587
https://access.redhat.com/security/cve/CVE-2017-7466
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZXlRHXlSAg2UNWIIRAm4UAJ9kEPm4r+UklFLlOtUCUMeBCxq9jgCgj7aT
hJgsqWfXfDHBsCbJGzF1r6g=
=jCPL
-----END PGP SIGNATURE-----
[RHSA-2017:1583-01] Important: bind security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Hat Security Advisory

Synopsis: Important: bind security and bug fix update
Advisory ID: RHSA-2017:1583-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1583
Issue date: 2017-06-28
CVE Names: CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3137

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.2) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)

* A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131)

* A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147)

* A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444)

* A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137)

Red Hat would like to thank ISC for reporting these issues. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters of CVE-2016-8864.

Bug Fix(es):

* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459648)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer
1411348 - CVE-2016-9131 bind: assertion failure while processing response to an ANY query
1411367 - CVE-2016-9147 bind: assertion failure while handling a query response containing inconsistent DNSSEC information
1411377 - CVE-2016-9444 bind: assertion failure while handling an unusually-formed DS record response
1441133 - CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.2):
Source: bind-9.9.4-29.el7_2.6.src.rpm
noarch: bind-license-9.9.4-29.el7_2.6.noarch.rpm
x86_64: bind-debuginfo-9.9.4-29.el7_2.6.i686.rpm bind-debuginfo-9.9.4-29.el7_2.6.x86_64.rpm bind-libs-9.9.4-29.el7_2.6.i686.rpm bind-libs-9.9.4-29.el7_2.6.x86_64.rpm bind-libs-lite-9.9.4-29.el7_2.6.i686.rpm bind-libs-lite-9.9.4-29.el7_2.6.x86_64.rpm bind-utils-9.9.4-29.el7_2.6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2):
x86_64: bind-9.9.4-29.el7_2.6.x86_64.rpm bind-chroot-9.9.4-29.el7_2.6.x86_64.rpm bind-debuginfo-9.9.4-29.el7_2.6.i686.rpm bind-debuginfo-9.9.4-29.el7_2.6.x86_64.rpm bind-devel-9.9.4-29.el7_2.6.i686.rpm bind-devel-9.9.4-29.el7_2.6.x86_64.rpm
[RHSA-2017:1582-01] Important: bind security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Red Hat Security Advisory

Synopsis: Important: bind security and bug fix update
Advisory ID: RHSA-2017:1582-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1582
Issue date: 2017-06-28
CVE Names: CVE-2017-3137 CVE-2017-3139

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137)

* A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3139)

Red Hat would like to thank ISC for reporting CVE-2017-3137.

Bug Fix(es):

* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458229, BZ#1458230, BZ#1458231, BZ#1458232, BZ#1458233)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1441133 - CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver
1447743 - CVE-2017-3139 bind: assertion failure in DNSSEC validation

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):
Source: bind-9.8.2-0.37.rc1.el6_7.11.src.rpm
x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.11.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.11.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):
x86_64: bind-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.11.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.11.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.11.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: bind-9.7.3-8.P3.el6_2.9.src.rpm
x86_64: bind-9.7.3-8.P3.el6_2.9.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.9.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.9.i686.rpm
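Every BIND advisory in this batch carries the same bug-fix note: the update ships the new root zone KSK so that validating resolvers keep working after the October 2017 rollover. The operational question that note leaves to the reader is how to confirm that a given resolver actually trusts the new key. Keys are identified by their key tag, computed over the DNSKEY RDATA with the RFC 4034 Appendix B algorithm, and that tag is what `dig . DNSKEY` and BIND's `rndc secroots` dump both show. The block below is an added example, not BIND's or ISC's code: it parses DNSKEY records in dig's presentation format, computes each key's tag, and reports whether a KSK (flags 257) with the expected tag is present. The DNSKEY lines and 4-byte public keys are constructed (they are not the real root keys), and EXPECTED_KSK_TAG is a parameter the operator fills in from ICANN's published rollover information rather than a value taken from this page.

```python
"""Check that a DNSKEY set contains the expected root KSK, by key tag.

Added example (not BIND's code). Input is the presentation format printed by
`dig . DNSKEY`; the sample records and keys below are constructed and the
expected tag is a placeholder the operator supplies.
"""
import base64
import struct

KSK_FLAGS = 257  # ZONE + SEP bits; the root ZSKs carry 256


def key_tag(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> int:
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA.

    Algorithm 1 (RSA/MD5) used a different formula; it is obsolete and not
    handled here.
    """
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte << 8 if i % 2 == 0 else byte
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_dnskey(line: str) -> dict:
    """Parse one 'owner TTL IN DNSKEY flags proto alg key...' presentation line."""
    fields = line.split()
    idx = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[idx + 1:idx + 4])
    pubkey = base64.b64decode("".join(fields[idx + 4:]))  # key may be split across fields
    return {"owner": fields[0], "flags": flags, "protocol": protocol,
            "algorithm": algorithm, "tag": key_tag(flags, protocol, algorithm, pubkey),
            "is_ksk": flags == KSK_FLAGS}


def ksk_tags(dnskey_text: str) -> set:
    """Key tags of all KSKs in a block of DNSKEY presentation lines."""
    records = (parse_dnskey(line) for line in dnskey_text.strip().splitlines())
    return {rec["tag"] for rec in records if rec["is_ksk"]}


def rollover_ready(dnskey_text: str, expected_ksk_tag: int) -> bool:
    """True when a KSK with the expected tag is among the keys seen."""
    return expected_ksk_tag in ksk_tags(dnskey_text)


# Constructed sample in dig's output format, with toy 4-byte public keys.
SAMPLE_DNSKEY_OUTPUT = """
. 172800 IN DNSKEY 257 3 8 AQIDBA==
. 172800 IN DNSKEY 256 3 8 BQYHCA==
"""
EXPECTED_KSK_TAG = 2063  # placeholder for this sample; use the tag ICANN publishes

if __name__ == "__main__":
    print(sorted(ksk_tags(SAMPLE_DNSKEY_OUTPUT)),
          rollover_ready(SAMPLE_DNSKEY_OUTPUT, EXPECTED_KSK_TAG))
```

Run the same parser over the DNSKEY RRset the root actually serves and over the trust anchors your resolver reports, and the rollover check reduces to set membership: the new KSK's tag must appear in both before the old key is retired, or validation of the entire namespace fails at the switch.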
[RHSA-2017:1581-01] Important: freeradius security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: freeradius security update
Advisory ID:       RHSA-2017:1581-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1581
Issue date:        2017-06-28
CVE Names:         CVE-2017-9148
=====================================================================

1. Summary:

An update for freeradius is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. (CVE-2017-9148)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1456697 - CVE-2017-9148 freeradius: TLS resumption authentication bypass

6. Package List:

Red Hat Enterprise Linux Server (v.
7): Source: freeradius-3.0.4-8.el7_3.src.rpm aarch64: freeradius-3.0.4-8.el7_3.aarch64.rpm freeradius-debuginfo-3.0.4-8.el7_3.aarch64.rpm ppc64: freeradius-3.0.4-8.el7_3.ppc64.rpm freeradius-debuginfo-3.0.4-8.el7_3.ppc64.rpm ppc64le: freeradius-3.0.4-8.el7_3.ppc64le.rpm freeradius-debuginfo-3.0.4-8.el7_3.ppc64le.rpm s390x: freeradius-3.0.4-8.el7_3.s390x.rpm freeradius-debuginfo-3.0.4-8.el7_3.s390x.rpm x86_64: freeradius-3.0.4-8.el7_3.x86_64.rpm freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: freeradius-debuginfo-3.0.4-8.el7_3.aarch64.rpm freeradius-devel-3.0.4-8.el7_3.aarch64.rpm freeradius-doc-3.0.4-8.el7_3.aarch64.rpm freeradius-krb5-3.0.4-8.el7_3.aarch64.rpm freeradius-ldap-3.0.4-8.el7_3.aarch64.rpm freeradius-mysql-3.0.4-8.el7_3.aarch64.rpm freeradius-perl-3.0.4-8.el7_3.aarch64.rpm freeradius-postgresql-3.0.4-8.el7_3.aarch64.rpm freeradius-python-3.0.4-8.el7_3.aarch64.rpm freeradius-sqlite-3.0.4-8.el7_3.aarch64.rpm freeradius-unixODBC-3.0.4-8.el7_3.aarch64.rpm freeradius-utils-3.0.4-8.el7_3.aarch64.rpm ppc64: freeradius-debuginfo-3.0.4-8.el7_3.ppc.rpm freeradius-debuginfo-3.0.4-8.el7_3.ppc64.rpm freeradius-devel-3.0.4-8.el7_3.ppc.rpm freeradius-devel-3.0.4-8.el7_3.ppc64.rpm freeradius-doc-3.0.4-8.el7_3.ppc64.rpm freeradius-krb5-3.0.4-8.el7_3.ppc64.rpm freeradius-ldap-3.0.4-8.el7_3.ppc64.rpm freeradius-mysql-3.0.4-8.el7_3.ppc64.rpm freeradius-perl-3.0.4-8.el7_3.ppc64.rpm freeradius-postgresql-3.0.4-8.el7_3.ppc64.rpm freeradius-python-3.0.4-8.el7_3.ppc64.rpm freeradius-sqlite-3.0.4-8.el7_3.ppc64.rpm freeradius-unixODBC-3.0.4-8.el7_3.ppc64.rpm freeradius-utils-3.0.4-8.el7_3.ppc64.rpm ppc64le: freeradius-debuginfo-3.0.4-8.el7_3.ppc64le.rpm freeradius-devel-3.0.4-8.el7_3.ppc64le.rpm freeradius-doc-3.0.4-8.el7_3.ppc64le.rpm freeradius-krb5-3.0.4-8.el7_3.ppc64le.rpm freeradius-ldap-3.0.4-8.el7_3.ppc64le.rpm freeradius-mysql-3.0.4-8.el7_3.ppc64le.rpm freeradius-perl-3.0.4-8.el7_3.ppc64le.rpm 
freeradius-postgresql-3.0.4-8.el7_3.ppc64le.rpm freeradius-python-3.0.4-8.el7_3.ppc64le.rpm freeradius-sqlite-3.0.4-8.el7_3.ppc64le.rpm freeradius-unixODBC-3.0.4-8.el7_3.ppc64le.rpm freeradius-utils-3.0.4-8.el7_3.ppc64le.rpm s390x: freeradius-debuginfo-3.0.4-8.el7_3.s390.rpm freeradius-debuginfo-3.0.4-8.el7_3.s390x.rpm freeradius-devel-3.0.4-8.el7_3.s390.rpm freeradius-devel-3.0.4-8.el7_3.s390x.rpm freeradius-doc-3.0.4-8.el7_3.s390x.rpm freeradius-krb5-3.0.4-8.el7_3.s390x.rpm freeradius-ldap-3.0.4-8.el7_3.s390x.rpm freeradius-mysql-3.0.4-8.el7_3.s390x.rpm freeradius-perl-3.0.4-8.el7_3.s390x.rpm freeradius-postgresql-3.0.4-8.el7_3.s390x.rpm freeradius-python-3.0.4-8.el7_3.s390x.rpm freeradius-sqlite-3.0.4-8.el7_3.s390x.rpm freeradius-unixODBC-3.0.4-8.el7_3.s390x.rpm freeradius-utils-3.0.4-8.el7_3.s390x.rpm x86_64: freeradius-debuginfo-3.0.4-8.el7_3.i686.rpm freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm
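The bypass in CVE-2017-9148 depends on the server accepting a resumed TLS session, so the interim mitigation generally given before the fixed package was to turn off TLS session caching in the EAP module. The checker below is an added example (not FreeRADIUS's or Red Hat's code) that parses a mods-available/eap-style file into nested sections and flags every tls-config whose cache { } section has enable = yes. The section and key names used (eap, tls-config <name>, cache, enable) follow the FreeRADIUS 3.0 sample configuration as I know it and should be treated as assumptions to verify against your own file; the sample config is constructed.

```python
"""Report whether an EAP module config leaves TLS session caching (resumption) on.

Added checker for CVE-2017-9148 in the advisory above; not FreeRADIUS's or
Red Hat's code. Section and key names (eap / tls-config <name> / cache /
enable) are assumed to follow the FreeRADIUS 3.0 mods-available/eap layout.
"""
import sys
from typing import Dict, List


def parse_config(text: str) -> dict:
    """Parse FreeRADIUS-style brace config into nested dicts.

    A section header such as "tls-config tls-common {" becomes a dict key whose
    value is the section body; "key = value" lines become strings with quotes
    and trailing '#' comments stripped. A '#' inside a quoted value is not handled.
    """
    root: dict = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            section: dict = {}
            stack[-1][line[:-1].strip()] = section
            stack.append(section)
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][key] = value.strip('"')
    if len(stack) != 1:
        raise ValueError("unbalanced braces in config")
    return root


def _truthy(value: str) -> bool:
    return value.lower() in ("yes", "on", "true", "1")


def tls_caches(cfg: dict) -> Dict[str, bool]:
    """Map each tls-config section inside eap { } to whether its cache { } is enabled.

    A missing cache section or enable key is treated as off (assumption).
    """
    result: Dict[str, bool] = {}
    for header, body in cfg.get("eap", {}).items():
        if isinstance(body, dict) and header.split()[0] == "tls-config":
            cache = body.get("cache", {})
            result[header] = _truthy(cache.get("enable", "no"))
    return result


def resumption_findings(text: str) -> List[str]:
    """One finding per tls-config that still allows session resumption."""
    return [
        f"{header}: TLS session cache enabled; unauthenticated sessions could be "
        "resumed on an unpatched server (CVE-2017-9148)"
        for header, enabled in tls_caches(parse_config(text)).items()
        if enabled
    ]


# Constructed excerpt in the style of mods-available/eap (FreeRADIUS 3.0); not a real site file.
SAMPLE_EAP = """\
eap {
    default_eap_type = peap
    tls-config tls-common {
        private_key_file = ${certdir}/server.pem
        certificate_file = ${certdir}/server.pem
        cache {
            enable = yes      # the setting the interim mitigation turns off
            lifetime = 24
            max_entries = 255
        }
    }
    peap {
        tls = tls-common
        default_eap_type = mschapv2
    }
}
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EAP
    findings = resumption_findings(text)
    print("\n".join(findings) if findings else "TLS session caching is off in every tls-config")
    sys.exit(1 if findings else 0)
```

A non-zero exit means some tls-config still allows resumption. Disabling the cache forces a full TLS handshake for every EAP session, so treat it as a stopgap and re-enable it only once the updated freeradius package listed above is running.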
[RHSA-2017:1601-01] Important: CFME 5.7.3 security, bug fix and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: CFME 5.7.3 security, bug fix and enhancement update
Advisory ID:       RHSA-2017:1601-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1601
Issue date:        2017-06-28
Cross references:  RHSA-2017:0898
CVE Names:         CVE-2016-4457 CVE-2016-7047 CVE-2017-7497
=====================================================================

1. Summary:

Updates for cfme, cfme-appliance, cfme-gemset, rh-ruby23-rubygem-nokogiri, and rh-ruby23-rubygem-ovirt-engine-sdk4 are now available for CloudForms Management Engine 5.7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.7 - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

rh-ruby23-rubygem-nokogiri provides Nokogiri, which is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents using XPath or CSS3 selectors.

rh-ruby23-rubygem-ovirt-engine-sdk4 provides the ruby SDK for the oVirt Engine API.

The following packages have been upgraded to a later upstream version: cfme (5.7.3.2), cfme-gemset (5.7.3.2), rh-ruby23-rubygem-nokogiri (1.7.2), cfme-appliance (5.7.3.2), rh-ruby23-rubygem-ovirt-engine-sdk4 (4.1.5). (BZ#1442774, BZ#1459319)

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section.

Security Fix(es):

* CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However, if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key, allowing for future attacks. (CVE-2016-4457)

* The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant. (CVE-2017-7497)

* A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. (CVE-2016-7047)

The CVE-2016-4457 and CVE-2016-7047 issues were discovered by Simon Lukasik (Red Hat) and the CVE-2017-7497 issue was discovered by Gellert Kis (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1322396 - [RFE] Allow for deletion of group when users belong to another group
1341308 - CVE-2016-4457 CFME: default certificate used across all installs
1350340 - Downloading the job templates of Ansible tower displays wrong data
1402992 - VM snapshot: revert option is enabled, for Active VM
1403358 - Add Provider->Type "RHEVM" should change to "RHV"
1414869 - VMRC is not working if IE compatibility mode is disabled
1419604 - [AnsibleTowerClient::ConnectionError]: Your license does not allow adding surveys
1428944 - Vulnerable JQuery Version
1430468 - Parent tenant displayed in list view when allowed by RBAC
1434152 - [RFE] Support for custom Amazon Regions in Provider
1434952 - delete action in /api/orchestration_templates results in error
1436074 - Back/Cancel button is missing on host drift comparison page
1436222 - The option of VM migration to the same host it is already running on is possible
1436226 - Persistent volume relationship link broken
1436228 - When the same action is used twice for a policy, action icons are inconsistent
1436232 - WebUI - Web Console button is enabled for archived VMs
1436233 - Container Provider - Capacity & Utilization: The page you were looking for doesn't exist
1436236 - Can't add provider specific catalog items to global region
1436237 - Event filter For Openstack::InfraManager
1436756 -
[RHSA-2017:2451-01] Important: openstack-neutron security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-neutron security update
Advisory ID:       RHSA-2017:2451-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2451
Issue date:        2017-08-08
CVE Names:         CVE-2017-7543
=====================================================================

1. Summary:

An update for openstack-neutron is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

* A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

6.
Package List: Red Hat OpenStack Platform 8.0 (Liberty): Source: openstack-neutron-7.2.0-12.1.el7ost.src.rpm noarch: openstack-neutron-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-bigswitch-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-brocade-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-cisco-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-common-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-dev-server-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-embrane-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-linuxbridge-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-mellanox-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-metering-agent-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-ml2-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-nuage-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-ofagent-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-oneconvergence-nvsd-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-opencontrail-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-openvswitch-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-ovsvapp-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-rpc-server-7.2.0-12.1.el7ost.noarch.rpm openstack-neutron-sriov-nic-agent-7.2.0-12.1.el7ost.noarch.rpm python-neutron-7.2.0-12.1.el7ost.noarch.rpm python-neutron-tests-7.2.0-12.1.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7543 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
-BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZijz5XlSAg2UNWIIRAvKyAJ0W/Sohb8Vf/kKtyvv2sw9C3buAAACdFtgq NF2iAst1GD6HWbsG+sc01UM= =NEgn -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:2449-01] Important: openstack-neutron security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-neutron security update
Advisory ID:       RHSA-2017:2449-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2449
Issue date:        2017-08-08
CVE Names:         CVE-2017-7543
=====================================================================

1. Summary:

An update for openstack-neutron is now available for Red Hat OpenStack Platform 11.0 (Ocata).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 11.0 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

* A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

6.
Package List: Red Hat OpenStack Platform 11.0: Source: openstack-neutron-10.0.2-1.1.el7ost.src.rpm noarch: openstack-neutron-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-common-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-linuxbridge-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-macvtap-agent-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-metering-agent-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-ml2-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-openvswitch-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-rpc-server-10.0.2-1.1.el7ost.noarch.rpm openstack-neutron-sriov-nic-agent-10.0.2-1.1.el7ost.noarch.rpm python-neutron-10.0.2-1.1.el7ost.noarch.rpm python-neutron-tests-10.0.2-1.1.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7543 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZij0eXlSAg2UNWIIRAne5AKC9MI2aQ3b/w1+PLMZqAdMs8b3jkQCeMfk2 Gpey/NCmEoC3HbkbkEBzmHE= =B61h -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:2447-01] Important: openstack-neutron security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-neutron security update
Advisory ID:       RHSA-2017:2447-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2447
Issue date:        2017-08-08
CVE Names:         CVE-2017-7543
=====================================================================

1. Summary:

An update for openstack-neutron is now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 9.0 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

* A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-arptables, net.bridge.bridge-nf-call-ip6tables, and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

6.
Package List: Red Hat OpenStack Platform 9.0: Source: openstack-neutron-8.3.0-11.1.el7ost.src.rpm noarch: openstack-neutron-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-bgp-dragent-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-common-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-linuxbridge-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-macvtap-agent-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-metering-agent-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-ml2-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-openvswitch-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-rpc-server-8.3.0-11.1.el7ost.noarch.rpm openstack-neutron-sriov-nic-agent-8.3.0-11.1.el7ost.noarch.rpm python-neutron-8.3.0-11.1.el7ost.noarch.rpm python-neutron-tests-8.3.0-11.1.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7543 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFZij1PXlSAg2UNWIIRAhVUAKCiyH+qCt/BBU9b5LcLebkBurSzcwCcDUmi i1ZVbLDhOBDJ9fiHAIwUkEw= =WIhr -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
[RHSA-2017:2452-01] Important: openstack-neutron security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-neutron security update
Advisory ID:       RHSA-2017:2452-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2452
Issue date:        2017-08-08
CVE Names:         CVE-2017-7543
=====================================================================

1. Summary:

An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

* A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

6.
Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7: Source: openstack-neutron-2014.2.3-42.el7ost.src.rpm noarch: openstack-neutron-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-bigswitch-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-brocade-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-cisco-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-common-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-embrane-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-hyperv-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-ibm-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-linuxbridge-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-mellanox-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-metaplugin-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-metering-agent-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-midonet-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-ml2-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-nec-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-nuage-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-ofagent-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-oneconvergence-nvsd-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-opencontrail-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-openvswitch-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-plumgrid-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-ryu-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-sriov-nic-agent-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-vmware-2014.2.3-42.el7ost.noarch.rpm openstack-neutron-vpn-agent-2014.2.3-42.el7ost.noarch.rpm python-neutron-2014.2.3-42.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7543 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is. 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD4DBQFZikGFXlSAg2UNWIIRAku3AJjrV0ojwndzQIwo8h/FkN4+DKKDAKCjjh4R SSvOIcnnPYnSuD5YrGMMCQ== =Ctu7 -END PGP SIGNATURE- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
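The four openstack-neutron advisories above (RHSA-2017:2451, 2449, 2447 and 2452) describe one failure mode: after a minor overcloud update the net.bridge.bridge-nf-call-* sysctls are left at 0. With neutron's iptables-based (hybrid) firewall driver, security-group rules are iptables rules applied to traffic crossing the per-instance Linux bridge, and iptables only sees bridged frames while those knobs are 1, so a 0 silently disables every security group on the node without any error from neutron itself. The script below is an added check (not neutron's or Red Hat's code) to run on compute nodes after an update; it reads the knobs from /proc/sys and can also parse sysctl-style output, with constructed sample output used for the offline test.

```python
"""Verify the br_netfilter sysctls that neutron's iptables security groups depend on.

Added check for CVE-2017-7543 as described in RHSA-2017:2451, 2449, 2447 and
2452 above; not neutron's or Red Hat's code. A non-zero exit means bridged VM
traffic is currently bypassing the security-group rules on this node.
"""
import os
import sys
from typing import Dict, List

# The knobs named in the advisories (RHSA-2017:2447 also lists arptables).
BRIDGE_NF_KEYS = (
    "net.bridge.bridge-nf-call-arptables",
    "net.bridge.bridge-nf-call-ip6tables",
    "net.bridge.bridge-nf-call-iptables",
)


def parse_sysctl(output: str) -> Dict[str, str]:
    """Parse `sysctl net.bridge` / `sysctl -a` style "key = value" lines."""
    values: Dict[str, str] = {}
    for line in output.splitlines():
        if "=" not in line:
            continue  # skip "sysctl: reading key ..." style warnings
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip()
    return values


def disabled_bridge_hooks(values: Dict[str, str]) -> List[str]:
    """Keys that are missing or not '1'.

    A missing key means the br_netfilter module is not loaded, which has the
    same effect as 0: bridged frames never reach iptables.
    """
    return [key for key in BRIDGE_NF_KEYS if values.get(key) != "1"]


def read_live() -> Dict[str, str]:
    """Read the knobs straight from /proc/sys (no sysctl binary needed)."""
    values: Dict[str, str] = {}
    for key in BRIDGE_NF_KEYS:
        path = "/proc/sys/" + key.replace(".", "/")
        if os.path.exists(path):
            with open(path) as fh:
                values[key] = fh.read().strip()
    return values


# Constructed samples resembling `sysctl net.bridge` output on a compute node.
SAMPLE_AFTER_BAD_UPDATE = """\
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
"""
SAMPLE_HEALTHY = """\
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
"""

if __name__ == "__main__":
    # Run on each compute node after an overcloud update.
    bad = disabled_bridge_hooks(read_live())
    for key in bad:
        print(f"{key} is not 1: security-group rules are not applied to bridged traffic")
    sys.exit(1 if bad else 0)
```

Because the advisories describe a race during the update rather than a persistent misconfiguration, the value to check is the live one, not what sysctl.conf says; run the check after the update completes and again after any node reboot.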
[RHSA-2017:1871-01] Moderate: tcpdump security, bug fix, and enhancement update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tcpdump security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1871-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1871
Issue date:        2017-08-01
CVE Names:         CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486
=====================================================================

1. Summary:

An update for tcpdump is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

The following packages have been upgraded to a later upstream version: tcpdump (4.9.0). (BZ#1422473)

Security Fix(es):

* Multiple out-of-bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w), which could cause it to display incorrect data, crash or enter an infinite loop. With -w, captured packets are written to file without being decoded, but the same printers, and therefore the same flaws, are reached when that file is later read back (-r) by an unpatched tcpdump. (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486)

Red Hat would like to thank the Tcpdump project for reporting CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1201792 - CVE-2015-0261 tcpdump: IPv6 mobility printer mobility_opt_print() typecasting/signedness error
1201795 - CVE-2015-2153 tcpdump: tcp printer rpki_rtr_pdu_print() missing length check
1201797 - CVE-2015-2154 tcpdump: ethernet printer osi_print_cksum() missing sanity checks out-of-bounds read
1201798 - CVE-2015-2155 tcpdump: force printer vulnerability
1292056 - Use -Q instead of -P to set capture direction
1296230 - Run upstream tests during build process
1297812 - Tcpdump segfaults with
[RHSA-2017:1975-01] Moderate: libreoffice security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libreoffice security and bug fix update
Advisory ID:       RHSA-2017:1975-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1975
Issue date:        2017-08-01
CVE Names:         CVE-2017-7870
=====================================================================

1. Summary:

An update for libreoffice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* An out-of-bounds write flaw was found in the way LibreOffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2017-7870)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of LibreOffice applications must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1397992 - [fix available] Crash in calc after closing dialog box with a11y enabled
1411327 - [fix available] Password Protected (Encrypted) files opening as plain text after cancelling password dialog
1421726 - [fix available] redraw issues in libreoffice calc when 300 or more cells are populated
1431539 - gnome-documents requires libreofficekit which is not provided
1444061 - CVE-2017-7870 libreoffice: Heap-buffer-overflow in tools::Polygon::Insert
1454598 - [fix available] LibreOffice Writer crashes when selecting a bullet or numbering type from toolbar
1454693 - Segmentation fault after clicking gnome-documents back button while presentation is being slowly loaded

6. Package List:

Red Hat Enterprise Linux Client (v.
7): Source: libreoffice-5.0.6.2-14.el7.src.rpm noarch: autocorr-af-5.0.6.2-14.el7.noarch.rpm autocorr-bg-5.0.6.2-14.el7.noarch.rpm autocorr-ca-5.0.6.2-14.el7.noarch.rpm autocorr-cs-5.0.6.2-14.el7.noarch.rpm autocorr-da-5.0.6.2-14.el7.noarch.rpm autocorr-de-5.0.6.2-14.el7.noarch.rpm autocorr-en-5.0.6.2-14.el7.noarch.rpm autocorr-es-5.0.6.2-14.el7.noarch.rpm autocorr-fa-5.0.6.2-14.el7.noarch.rpm autocorr-fi-5.0.6.2-14.el7.noarch.rpm autocorr-fr-5.0.6.2-14.el7.noarch.rpm autocorr-ga-5.0.6.2-14.el7.noarch.rpm autocorr-hr-5.0.6.2-14.el7.noarch.rpm autocorr-hu-5.0.6.2-14.el7.noarch.rpm autocorr-is-5.0.6.2-14.el7.noarch.rpm autocorr-it-5.0.6.2-14.el7.noarch.rpm autocorr-ja-5.0.6.2-14.el7.noarch.rpm autocorr-ko-5.0.6.2-14.el7.noarch.rpm autocorr-lb-5.0.6.2-14.el7.noarch.rpm autocorr-lt-5.0.6.2-14.el7.noarch.rpm autocorr-mn-5.0.6.2-14.el7.noarch.rpm autocorr-nl-5.0.6.2-14.el7.noarch.rpm autocorr-pl-5.0.6.2-14.el7.noarch.rpm autocorr-pt-5.0.6.2-14.el7.noarch.rpm autocorr-ro-5.0.6.2-14.el7.noarch.rpm autocorr-ru-5.0.6.2-14.el7.noarch.rpm autocorr-sk-5.0.6.2-14.el7.noarch.rpm autocorr-sl-5.0.6.2-14.el7.noarch.rpm autocorr-sr-5.0.6.2-14.el7.noarch.rpm autocorr-sv-5.0.6.2-14.el7.noarch.rpm autocorr-tr-5.0.6.2-14.el7.noarch.rpm autocorr-vi-5.0.6.2-14.el7.noarch.rpm autocorr-zh-5.0.6.2-14.el7.noarch.rpm libreoffice-opensymbol-fonts-5.0.6.2-14.el7.noarch.rpm x86_64: libreoffice-base-5.0.6.2-14.el7.x86_64.rpm libreoffice-calc-5.0.6.2-14.el7.x86_64.rpm libreoffice-core-5.0.6.2-14.el7.x86_64.rpm libreoffice-debuginfo-5.0.6.2-14.el7.x86_64.rpm libreoffice-draw-5.0.6.2-14.el7.x86_64.rpm libreoffice-emailmerge-5.0.6.2-14.el7.x86_64.rpm libreoffice-graphicfilter-5.0.6.2-14.el7.x86_64.rpm libreoffice-impress-5.0.6.2-14.el7.x86_64.rpm libreoffice-langpack-af-5.0.6.2-14.el7.x86_64.rpm libreoffice-langpack-ar-5.0.6.2-14.el7.x86_64.rpm
[RHSA-2017:2335-01] Moderate: pki-core security update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pki-core security update
Advisory ID:       RHSA-2017:2335-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2335
Issue date:        2017-08-01
CVE Names:         CVE-2017-7537
=====================================================================

1. Summary:

An update for pki-core is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.

Security Fix(es):

* It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. (CVE-2017-7537)

This issue was discovered by Christina Fu (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1469432 - CMC plugin default change
1470817 - CVE-2017-7537 pki-core: mock CMC authentication plugin with hardcoded secret enabled by default

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
pki-core-10.4.1-11.el7.src.rpm

noarch:
pki-base-10.4.1-11.el7.noarch.rpm
pki-base-java-10.4.1-11.el7.noarch.rpm
pki-ca-10.4.1-11.el7.noarch.rpm
pki-javadoc-10.4.1-11.el7.noarch.rpm
pki-kra-10.4.1-11.el7.noarch.rpm
pki-server-10.4.1-11.el7.noarch.rpm

x86_64:
pki-core-debuginfo-10.4.1-11.el7.x86_64.rpm
pki-symkey-10.4.1-11.el7.x86_64.rpm
pki-tools-10.4.1-11.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
pki-core-10.4.1-11.el7.src.rpm

noarch:
pki-base-10.4.1-11.el7.noarch.rpm
pki-base-java-10.4.1-11.el7.noarch.rpm
pki-ca-10.4.1-11.el7.noarch.rpm
pki-javadoc-10.4.1-11.el7.noarch.rpm
pki-kra-10.4.1-11.el7.noarch.rpm
pki-server-10.4.1-11.el7.noarch.rpm

x86_64:
pki-core-debuginfo-10.4.1-11.el7.x86_64.rpm
pki-symkey-10.4.1-11.el7.x86_64.rpm
pki-tools-10.4.1-11.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
pki-core-10.4.1-11.el7.src.rpm

aarch64:
pki-core-debuginfo-10.4.1-11.el7.aarch64.rpm
pki-symkey-10.4.1-11.el7.aarch64.rpm
pki-tools-10.4.1-11.el7.aarch64.rpm

noarch:
pki-base-10.4.1-11.el7.noarch.rpm
pki-base-java-10.4.1-11.el7.noarch.rpm
pki-ca-10.4.1-11.el7.noarch.rpm
pki-kra-10.4.1-11.el7.noarch.rpm
pki-server-10.4.1-11.el7.noarch.rpm

ppc64le:
pki-core-debuginfo-10.4.1-11.el7.ppc64le.rpm
pki-tools-10.4.1-11.el7.ppc64le.rpm

x86_64:
pki-core-debuginfo-10.4.1-11.el7.x86_64.rpm
pki-symkey-10.4.1-11.el7.x86_64.rpm
pki-tools-10.4.1-11.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
pki-core-10.4.1-11.el7.src.rpm

noarch:
pki-base-10.4.1-11.el7.noarch.rpm
pki-base-java-10.4.1-11.el7.noarch.rpm
pki-ca-10.4.1-11.el7.noarch.rpm
pki-javadoc-10.4.1-11.el7.noarch.rpm
pki-kra-10.4.1-11.el7.noarch.rpm
pki-server-10.4.1-11.el7.noarch.rpm

ppc64:
pki-core-debuginfo-10.4.1-11.el7.ppc64.rpm
pki-symkey-10.4.1-11.el7.ppc64.rpm
pki-tools-10.4.1-11.el7.ppc64.rpm

ppc64le:
pki-core-debuginfo-10.4.1-11.el7.ppc64le.rpm
pki-symkey-10.4.1-11.el7.ppc64le.rpm

s390x:
pki-core-debuginfo-10.4.1-11.el7.s390x.rpm
pki-symkey-10.4.1-11.el7.s390x.rpm
pki-tools-10.4.1-11.el7.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
pki-core-10.4.1-11.el7.src.rpm

noarch:
pki-base-10.4.1-11.el7.noarch.rpm
pki-base-java-10.4.1-11.el7.noarch.rpm
pki-ca-10.4.1-11.el7.noarch.rpm
pki-kra-10.4.1-11.el7.noarch.rpm
pki-server-10.4.1-11.el7.noarch.rpm

x86_64:
pki-core-debuginfo-10.4.1-11.el7.x86_64.rpm
pki-symkey-10.4.1-11.el7.x86_64.rpm
pki-tools-10.4.1-11.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
pki-javadoc-10.4.1-11.el7.noarch.rpm

These packages are GPG signed by Red Hat for
[RHSA-2017:2016-01] Moderate: curl security, bug fix, and enhancement update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2016-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2016
Issue date:        2017-08-01
CVE Names:         CVE-2016-7167
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions. (CVE-2016-7167)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1341503 - Curl request for HTTP GET with Cookie to an IPV6 address does not send the cookie
1374740 - libcurl does not accept use of ciphers *-SHA384
1375906 - CVE-2016-7167 curl: escape and unescape integer overflows
1388162 - HTTPS request hangs when HTTP proxy responds too soon
1404815 - SEC_ERROR_NO_TOKEN error when using SSL and multiple threads
1420327 - CURL 7.29 cannot connect to FTPS using proxytunnel

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
curl-7.29.0-42.el7.src.rpm

x86_64:
curl-7.29.0-42.el7.x86_64.rpm
curl-debuginfo-7.29.0-42.el7.i686.rpm
curl-debuginfo-7.29.0-42.el7.x86_64.rpm
libcurl-7.29.0-42.el7.i686.rpm
libcurl-7.29.0-42.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
curl-debuginfo-7.29.0-42.el7.i686.rpm
curl-debuginfo-7.29.0-42.el7.x86_64.rpm
libcurl-devel-7.29.0-42.el7.i686.rpm
libcurl-devel-7.29.0-42.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
curl-7.29.0-42.el7.src.rpm

x86_64:
curl-7.29.0-42.el7.x86_64.rpm
curl-debuginfo-7.29.0-42.el7.i686.rpm
curl-debuginfo-7.29.0-42.el7.x86_64.rpm
libcurl-7.29.0-42.el7.i686.rpm
libcurl-7.29.0-42.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
curl-debuginfo-7.29.0-42.el7.i686.rpm
curl-debuginfo-7.29.0-42.el7.x86_64.rpm
libcurl-devel-7.29.0-42.el7.i686.rpm
libcurl-devel-7.29.0-42.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
curl-7.29.0-42.el7.src.rpm

aarch64:
curl-7.29.0-42.el7.aarch64.rpm
curl-debuginfo-7.29.0-42.el7.aarch64.rpm
libcurl-7.29.0-42.el7.aarch64.rpm
libcurl-devel-7.29.0-42.el7.aarch64.rpm

ppc64:
curl-7.29.0-42.el7.ppc64.rpm
curl-debuginfo-7.29.0-42.el7.ppc.rpm
curl-debuginfo-7.29.0-42.el7.ppc64.rpm
libcurl-7.29.0-42.el7.ppc.rpm
libcurl-7.29.0-42.el7.ppc64.rpm
libcurl-devel-7.29.0-42.el7.ppc.rpm
libcurl-devel-7.29.0-42.el7.ppc64.rpm

ppc64le:
curl-7.29.0-42.el7.ppc64le.rpm
curl-debuginfo-7.29.0-42.el7.ppc64le.rpm
libcurl-7.29.0-42.el7.ppc64le.rpm
libcurl-devel-7.29.0-42.el7.ppc64le.rpm

s390x:
curl-7.29.0-42.el7.s390x.rpm
curl-debuginfo-7.29.0-42.el7.s390.rpm
curl-debuginfo-7.29.0-42.el7.s390x.rpm
libcurl-7.29.0-42.el7.s390.rpm
libcurl-7.29.0-42.el7.s390x.rpm
libcurl-devel-7.29.0-42.el7.s390.rpm
libcurl-devel-7.29.0-42.el7.s390x.rpm

x86_64:
curl-7.29.0-42.el7.x86_64.rpm
curl-debuginfo-7.29.0-42.el7.i686.rpm
curl-debuginfo-7.29.0-42.el7.x86_64.rpm
libcurl-7.29.0-42.el7.i686.rpm
libcurl-7.29.0-42.el7.x86_64.rpm
libcurl-devel-7.29.0-42.el7.i686.rpm
libcurl-devel-7.29.0-42.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
curl-7.29.0-42.el7.src.rpm

x86_64:
curl-7.29.0-42.el7.x86_64.rpm
curl-debuginfo-7.29.0-42.el7.i686.rpm
curl-debuginfo-7.29.0-42.el7.x86_64.rpm
libcurl-7.29.0-42.el7.i686.rpm
libcurl-7.29.0-42.el7.x86_64.rpm
libcurl-devel-7.29.0-42.el7.i686.rpm
[RHSA-2017:1865-01] Moderate: X.org X11 libraries security, bug fix and enhancement update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: X.org X11 libraries security, bug fix and enhancement update
Advisory ID:       RHSA-2017:1865-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1865
Issue date:        2017-08-01
CVE Names:         CVE-2016-10164 CVE-2017-2625 CVE-2017-2626
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The X11 (Xorg) libraries provide library routines that are used within all X Window applications.

The following packages have been upgraded to a later upstream version: libX11 (1.6.5), libXaw (1.0.13), libXdmcp (1.1.2), libXfixes (5.0.3), libXfont (1.5.2), libXi (1.7.9), libXpm (3.5.12), libXrandr (1.5.1), libXrender (0.9.10), libXt (1.1.5), libXtst (1.2.3), libXv (1.0.11), libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74), libepoxy (1.3.1), libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1), libwacom (0.24), libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1), mesa-private-llvm (3.9.1), xcb-proto (1.12), xkeyboard-config (2.20), xorg-x11-proto-devel (7.7). (BZ#1401667, BZ#1401668, BZ#1401669, BZ#1401670, BZ#1401671, BZ#1401672, BZ#1401673, BZ#1401675, BZ#1401676, BZ#1401677, BZ#1401678, BZ#1401679, BZ#1401680, BZ#1401681, BZ#1401682, BZ#1401683, BZ#1401685, BZ#1401690, BZ#1401752, BZ#1401753, BZ#1401754, BZ#1402560, BZ#1410477, BZ#1411390, BZ#1411392, BZ#1411393, BZ#1411452, BZ#1420224)

Security Fix(es):

* An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file. (CVE-2016-10164)

* It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. (CVE-2017-2625)

* It was discovered that libICE used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. (CVE-2017-2626)

Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting CVE-2017-2625 and CVE-2017-2626.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1268849 - Installed (but unpackaged) file(s) found for ppc64 qnd ppc64le
1272117 - [libICE] Installed (but unpackaged) file(s) found
1272129 - [libXaw] error: Installed (but unpackaged) file(s) found
1273281 - libXi - wrong release string
1297276 - mesa vdpau drivers are missing
1378864 - DRI3/Present OGL application hang
1388458 - RHEL7 libXcursor default cursor theme is dmz-aa, but dmz-cursor-themes no longer supplied
1401667 - Rebase libX11 in RHEL 7.4
1401668 - Rebase libXaw in RHEL 7.4
1401669 - Rebase libXdmcp in RHEL 7.4
1401670 - Rebase libXfixes in RHEL 7.4
1401671 - Rebase libXfont in RHEL 7.4
1401672 - Rebase libXi in RHEL 7.4
1401673 - Rebase libXrandr in RHEL 7.4
1401675 - Rebase libXrender in RHEL 7.4
1401676 - Rebase libXt in RHEL 7.4
1401677 - Rebase libXtst in RHEL 7.4
1401678 - Rebase libXv in RHEL 7.4
1401679 - Rebase libXvMC in RHEL 7.4
1401680 - Rebase libXxf86vm in RHEL 7.4
1401681 - Rebase libdrm in RHEL 7.4
1401682 - Rebase mesa in RHEL 7.4
1401683 - Rebase mesa-private-llvm in RHEL 7.4
1401685 - Rebase xorg-x11-proto-devel in RHEL 7.4
1401690 - Rebase libepoxy in RHEL 7.4
1401752 - Rebase libwacom in RHEL 7.4
1401753 - Rebase xkeyboard-config in RHEL 7.4
1401754 - Rebase libevdev in RHEL 7.4
1402560 -
[RHSA-2017:1916-01] Moderate: glibc security, bug fix, and enhancement update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: glibc security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1916-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1916
Issue date:        2017-08-01
CVE Names:         CVE-2014-9761 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779
=====================================================================

1. Summary:

An update for glibc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. (CVE-2014-9761)

* It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. (CVE-2015-8776)

* An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778)

* A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. (CVE-2015-8779)

* It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application. (CVE-2015-8777)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

906468 - Deadlock in glibc between fork and malloc
1213603 - glibc: nss_db: get*ent crashes without preceding set*ent
1260581 - CVE-2015-8777 glibc: LD_POINTER_GUARD in the environment is not sanitized
1298975 - [RFE] Backport the groups merging feature
1300299 - CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime()
1300303 - CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r
1300310 - CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions
1300312 - CVE-2015-8779 glibc: Unbounded stack allocation in catopen function
1318877 - Per C11 and C++11, should not look at __STDC_LIMIT_MACROS or __STDC_CONSTANT_MACROS
1318890 - glibc: nss_db: long group entries are skipped
1322544 - Segmentation violation can occur within glibc if fork() is used in a multi-threaded application
1324568 - glibc: getent returns dud entry when nscd enabled
1325138 - glibc: Corrupted aux-cache causes ldconfig to segfault
1330705 - open() and openat() ignore 'mode' with O_TMPFILE on newer kernels
1338672 - glibc: GCC 6 enablement for struct sockaddr_storage
1366569 - glibc: default nsswitch.conf should not set initgroups
1370630 - glibc: nss_db: Endless loop in services database processing
1387874 - MSG_FASTOPEN definition missing
1392540 - glibc: default nsswitch.conf does not list sss for the automount service
1404435 - "yum update" on fresh installation of RHEL 7.0 or 7.1 PPC64 (updating to 7.3) results in various yum errors
1417205 -
[RHSA-2017:1856-01] Moderate: qemu-kvm security, bug fix, and enhancement update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1856-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1856
Issue date:        2017-08-01
CVE Names:         CVE-2016-4020 CVE-2017-2633 CVE-2017-5898
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-2633)

* An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)

* An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)

Red Hat would like to thank Li Qiang (360.cn Inc.) for reporting CVE-2017-5898 and Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1151859 - [RFE] Allow the libgfapi logging level to be controlled.
1299875 - system_reset should clear pending request for error (IDE)
1313686 - CVE-2016-4020 Qemu: i386: leakage of stack memory to guest in kvmvapic.c
1342489 - Flickering Fedora 24 Login Screen on RHEL 7
1361488 - system_reset should clear pending request for error (virtio-blk)
1375507 - "threads" option is overwritten if both "sockets" and "cores" is set on -smp
1377087 - shutdown rhel 5.11 guest failed and stop at "system halted"
1377977 - qemu-kvm coredump in vnc_raw_send_framebuffer_update [rhel-7.4]
1378541 - QEMU: update package summary and description
1419699 - CVE-2017-5898 Qemu: usb: integer overflow in emulated_apdu_from_guest
1419898 - Documentation inaccurate for __com.redhat_qxl_screendump and __com.redhat_drive_add
1425939 - CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit
1427176 - test cases of qemu-iotests failed
1430606 - Can't build qemu-kvm with newer spice packages
1433920 - Switch from librdmacm-devel to rdma-core-devel
1436280 - sample images for qemu-iotests are missing in the SRPM
1440987 - Remove texi2html build dependancy from RPM
1441778 - Stop building qemu-img for 32bit architectures.
1451470 - RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop
1452067 - migration can confuse serial port user
1456983 - Character device regression due to missing patch

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-141.el7.src.rpm

x86_64:
qemu-img-1.5.3-141.el7.x86_64.rpm
qemu-kvm-1.5.3-141.el7.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-141.el7.src.rpm

x86_64:
qemu-img-1.5.3-141.el7.x86_64.rpm
qemu-kvm-1.5.3-141.el7.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7.x86_64.rpm
[RHSA-2017:1950-01] Low: samba security, bug fix, and enhancement update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: samba security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1950-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1950
Issue date:        2017-08-01
CVE Names:         CVE-2017-9461
=====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954)

Security Fix(es):

* A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1218926 - Samba ignores default_keytab_name in krb5.conf
1327810 - Option "printcap cache time = 1" doesn't have any impact
1356932 - the "ldap ssl" description for smb.conf is incorrectly defined
1377690 - libnss_wins.so.2 doesn't link against libreplace with rpath
1377729 - nss_wins has incorrect function definitions for gethostbyname*
1377751 - BADLOCK regression: smbclient fails to connect to Azure or Apple share; spnego fails with no mechListMIC
1389786 - [RFE] Samba add 'net ads dns unregister' command from Samba 4.5.0
1397871 - The krb5.conf created by net and winbind does not include the system /etc/krb5.conf
1397891 - SetPrinter info level 2 marshalling fails
1397895 - spoolss_AddPrinterDriver does not support APD_COPY_FROM_DIRECTORY
1401505 - idmap_hash failes to map SID to UID
1403242 - Samba can not access trusted domains through transitive trusts
1403975 - Trusted domains not working with Samba-Winbind 4.4
1416746 - Fix division by zero error in 05.system event script - ctdb
1420130 - samba_krb5_wrapper does not list devices when called with no arguments
1430755 - net ads join can't create keytab when 'kerberos method' is set to use a keytab
1430759 - use GSSAPI gss_acquire_cred_from call for gssproxy support
1431986 - expand_dfs plugin read_target_host() parameters
1448544 - Uploading 32-bit drivers to a Samba 4.6 print server fail
1459179 - Smbclient doesn't list Domain, OS and Server information
1459464 - CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
1460937 - Winbind name normalization doesn't work for users
1461336 - Smbclient not working properly with winbind separator '+'

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
samba-4.6.2-8.el7.src.rpm

noarch:
samba-common-4.6.2-8.el7.noarch.rpm

x86_64:
libsmbclient-4.6.2-8.el7.i686.rpm
libsmbclient-4.6.2-8.el7.x86_64.rpm
libwbclient-4.6.2-8.el7.i686.rpm
libwbclient-4.6.2-8.el7.x86_64.rpm
samba-client-4.6.2-8.el7.x86_64.rpm
samba-client-libs-4.6.2-8.el7.i686.rpm
samba-client-libs-4.6.2-8.el7.x86_64.rpm
samba-common-libs-4.6.2-8.el7.x86_64.rpm
samba-common-tools-4.6.2-8.el7.x86_64.rpm
samba-debuginfo-4.6.2-8.el7.i686.rpm
samba-debuginfo-4.6.2-8.el7.x86_64.rpm
samba-krb5-printing-4.6.2-8.el7.x86_64.rpm
samba-libs-4.6.2-8.el7.i686.rpm
samba-libs-4.6.2-8.el7.x86_64.rpm
samba-winbind-4.6.2-8.el7.x86_64.rpm
[RHSA-2017:1758-01] Important: Red Hat CloudForms security, bug fix, and enhancement update
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat CloudForms security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:1758-01
Product:           Red Hat CloudForms
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:1758
Issue date:        2017-08-02
Cross references:  RHSA-2017:1367
CVE Names:         CVE-2016-7047 CVE-2017-2664 CVE-2017-7497 CVE-2017-7530
=====================================================================

1. Summary:

An update is now available for CloudForms Management Engine 5.8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.8 - noarch, x86_64

3. Description:

Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

The following packages have been upgraded to a later upstream version: ansible (2.3.0.0), ansible-tower (3.1.3), cfme (5.8.1.5), cfme-appliance (5.8.1.5), cfme-gemset (5.8.1.5), rh-ruby23-rubygem-nokogiri (1.7.2). (BZ#1456017, BZ#1459318)

Security Fix(es):

* CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. (CVE-2017-2664)

* It was found that a privilege check was missing when filtering on VMs caused MiqExpression to invoke and execute arbitrary methods, and that this was triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs). (CVE-2017-7530)

* The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant. (CVE-2017-7497)

* A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. (CVE-2016-7047)

The CVE-2017-2664 issue was discovered by Libor Pichler (Red Hat) and Martin Povolny (Red Hat); the CVE-2017-7530 issue was discovered by Tim Wade (Red Hat); the CVE-2017-7497 issue was discovered by Gellert Kis (Red Hat); and the CVE-2016-7047 issue was discovered by Simon Lukasik (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1374215 - CVE-2016-7047 cfme: API leaks any MiqReportResult
1435393 - CVE-2017-2664 CloudForms: lack of RBAC on various methods in web UI
1438562 - [RFE] External Auth - AD - samba-common-tools and deps missing from appliance.
1439309 - Not able to see orders when not enough permission to see catalogs
1441321 - Access (Cockpit and HTML5) are inconsistent between Service and OPS UI
1444505 - "Collect" button is absent on slave server log collection page
1449273 - VM Hostname not displaying when RHV has FQDN
1450082 - Failed to remove interface from router - HA env.
1450087 - Cloud Router Summary does not show subnets which connected it - HA env.
1450150 - CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497
1450502 - [RFE] Custom Button must be supported at VM level in Service UI
1450518 - Openstack services missing on node page
1454445 - Containers with empty "imageID" field points to wrong images
1455685 - Azure provision still needs First/Last name
1456017 - [RFE] Install latest stable version of Ansible Core on the appliance.
1458333 - Containers - old archived container entities are not purged
1458337 - In my settings page at login Configuration management shouldn't be in Infrastructure
1458339 - It is impossible to
[RHSA-2017:2029-01] Moderate: openssh security, bug fix, and enhancement update
Red Hat Security Advisory

Synopsis: Moderate: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2029-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2029
Issue date: 2017-08-01
CVE Names: CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515

1. Summary:

An update for openssh is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version: openssh (7.4p1). (BZ#1341754)

Security Fix(es):

* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)

* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)

* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)

* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)

* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1357442 - CVE-2016-6210 openssh: User enumeration via covert timing channel
1360973 - Support of HostKeyAlgorithms for sshd
1364935 - CVE-2016-6515 openssh: Denial of service via very long passwords
1366400 - openssh-server doesn't support unix socket forwarding
1373835 - Ciphers and MACs enabled by default differ from upstream OpenSSH 6.7 with security implications.
1375179 - [RFE] RC4 and CBC ciphers shipped with openssh and openssh-server should be removed
1381997 - Systemctl reload sshd caused inactive service even if the service is running
1396400 - The ssh to RHEL7 ignores echo setting
1398569 - sftp/ssh ignores group permissions
1402424 - infinite loop, at 100% cpu in ssh if ^Z is pressed at password prompt
1406269 - CVE-2016-10009 openssh: loading of untrusted PKCS#11 modules in ssh-agent
1406286 - CVE-2016-10011 openssh: Leak of host private key material to privilege-separated child process via realloc()
1406293 - CVE-2016-10012 openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support
1418062 - openssh package openssh-6.6.1p1-33.el7_3 does not resolve chroot permission denied status.
1420910 - OpenSSH ciphers in practice do not meet the stated Common Criteria/FIPS approvals.
[RHSA-2017:2444-01] Important: kernel-rt security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2017:2444-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2444
Issue date: 2017-08-08
CVE Names: CVE-2015-8970 CVE-2016-10200 CVE-2017-2647

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)

* The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash (denial of service) through a NULL pointer dereference by calling accept(2) on an AF_ALG socket without first calling setkey() to set a cipher key. (CVE-2015-8970, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647 and Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970.

Bug Fix(es):

* Writing model-specific registers (MSRs) during intel_idle initialization could previously cause exceptions. Consequently, a kernel panic occurred during this initialization. The function call that writes to the MSR was modified to use wrmsrl_safe(), which handles the exception, instead of wrmsrl(). In this scenario, the kernel no longer panics. (BZ#1447438)

* The ixgbe driver was using incorrect bitwise operations on received PTP flags. Consequently, systems that were using the ixgbe driver could not synchronize time using PTP. The provided patch corrected the bitwise operations on received PTP flags, allowing these systems to correctly synchronize time using PTP. (BZ#1469795) (BZ#1451821)

The kernel-rt packages have been upgraded to version 3.10.0-514.rt56.230, which provides a number of security and bug fixes over the previous version. (BZ#1463427)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1386286 - CVE-2015-8970 kernel: crypto: GPF in lrw_crypt caused by null-deref
1428353 - CVE-2017-2647 kernel: Null pointer dereference in search_keyring
1430347 - CVE-2016-10200 kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature
1437675 - ftrace: pull upstream commits for correct selftest operation
1463427 - update the MRG 2.5.z 3.10 kernel-rt sources

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-514.rt56.231.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-514.rt56.231.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-514.rt56.231.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.231.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-514.rt56.231.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8970
https://access.redhat.com/security/cve/CVE-2016-10200
[RHSA-2017:2429-01] Important: kernel security and bug fix update
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:2429-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2429
Issue date: 2017-08-08
CVE Names: CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* If a VFC port became unmapped in the VIOS, it sometimes did not respond with a CRQ init complete following the H_REG_CRQ() call. As a consequence, scsi_block_requests were called until the init complete occurred. If not, I/O requests were hung. The provided patch ensures the host action stays set to IBMVFC_HOST_ACTION_TGT_DEL so that all rports are moved into devloss state unless an init complete is received. (BZ#1460210)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.45.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.45.1.el6.noarch.rpm
kernel-doc-2.6.32-573.45.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.45.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.45.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.45.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.45.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.45.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.45.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.45.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.45.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.45.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.45.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.45.1.el6.x86_64.rpm
perf-2.6.32-573.45.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.45.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.45.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.45.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm
python-perf-2.6.32-573.45.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.45.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.45.1.el6.src.rpm

i386:
kernel-2.6.32-573.45.1.el6.i686.rpm
kernel-debug-2.6.32-573.45.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.45.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.45.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.45.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.45.1.el6.i686.rpm
kernel-devel-2.6.32-573.45.1.el6.i686.rpm
kernel-headers-2.6.32-573.45.1.el6.i686.rpm
perf-2.6.32-573.45.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.45.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.45.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.45.1.el6.noarch.rpm
kernel-doc-2.6.32-573.45.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.45.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.45.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.45.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.45.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.45.1.el6.ppc64.rpm
[RHSA-2017:2428-01] Important: kernel security update
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2017:2428-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2428
Issue date: 2017-08-08
CVE Names: CVE-2017-7895

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.5) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
kernel-2.6.32-431.82.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.82.1.el6.noarch.rpm
kernel-doc-2.6.32-431.82.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.82.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.82.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.82.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.82.1.el6.x86_64.rpm
perf-2.6.32-431.82.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.5):

Source:
kernel-2.6.32-431.82.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.82.1.el6.noarch.rpm
kernel-doc-2.6.32-431.82.1.el6.noarch.rpm
kernel-firmware-2.6.32-431.82.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debug-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.82.1.el6.x86_64.rpm
kernel-devel-2.6.32-431.82.1.el6.x86_64.rpm
kernel-headers-2.6.32-431.82.1.el6.x86_64.rpm
perf-2.6.32-431.82.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
kernel-2.6.32-431.82.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.82.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
python-perf-2.6.32-431.82.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.5):

Source:
kernel-2.6.32-431.82.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.82.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm
python-perf-2.6.32-431.82.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.82.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7895
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017
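Both kernel advisories above (RHSA-2017:2429 and RHSA-2017:2428) fix CVE-2017-7895 and state that the system must be rebooted: having the fixed kernel package installed is not enough while an older kernel is still running. The following script is an added example, not part of the advisory or of any Red Hat tool, that compares the Source NVR from the package list against lines from `rpm -q kernel` and the output of `uname -r` using rpm's version-comparison rules; the sample inputs are constructed, and package epochs are ignored (RHEL 6 kernel packages carry none).

```python
import re

# Suffixes that rpm -q and uname -r append to the release field and that the
# advisory's package list carries; they take no part in version comparison.
_SUFFIX = re.compile(r"\.(?:x86_64|i686|i386|ppc64|ppc64le|s390x|noarch|src)(?:\.rpm)?$")


def rpmvercmp(a, b):
    """Compare two version/release strings with rpm's rpmvercmp rules.

    Segments are runs of digits or letters.  Digits compare numerically,
    letters as strings, a numeric segment beats an alphabetic one, a tilde
    sorts before anything (even end of string), and leftover segments win.
    """
    if a == b:
        return 0
    ta = re.findall(r"[0-9]+|[A-Za-z]+|~", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+|~", b)
    for i in range(max(len(ta), len(tb))):
        sa = ta[i] if i < len(ta) else None
        sb = tb[i] if i < len(tb) else None
        if sa == "~" or sb == "~":
            if sa != "~":
                return 1
            if sb != "~":
                return -1
            continue
        if sa is None:
            return -1
        if sb is None:
            return 1
        if sa.isdigit() and sb.isdigit():
            if int(sa) != int(sb):
                return -1 if int(sa) < int(sb) else 1
        elif sa.isdigit():
            return 1
        elif sb.isdigit():
            return -1
        elif sa != sb:
            return -1 if sa < sb else 1
    return 0


def parse_nvr(nvr):
    """'kernel-2.6.32-573.45.1.el6.x86_64' -> ('kernel', '2.6.32', '573.45.1.el6')."""
    name, version, release = _SUFFIX.sub("", nvr).rsplit("-", 2)
    return name, version, release


def compare_vr(a, b):
    """Compare (version, release) pairs; release decides only when versions tie."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def assess_kernel(fixed_nvr, installed_nvrs, uname_r):
    """Classify a host against the advisory's fixed kernel NVR.

    fixed_nvr: Source NVR from the package list; installed_nvrs: lines from
    `rpm -q kernel`; uname_r: output of `uname -r` (the kernel actually running).
    """
    fixed = parse_nvr(fixed_nvr)[1:]
    running = parse_nvr("kernel-" + uname_r)[1:]
    if compare_vr(running, fixed) >= 0:
        return "patched"
    if any(compare_vr(parse_nvr(n)[1:], fixed) >= 0 for n in installed_nvrs):
        return "installed, reboot required"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample: fixed package installed, but an older kernel still running.
    print(assess_kernel("kernel-2.6.32-573.45.1.el6.src.rpm",
                        ["kernel-2.6.32-573.26.1.el6.x86_64",
                         "kernel-2.6.32-573.45.1.el6.x86_64"],
                        "2.6.32-573.26.1.el6.x86_64"))
```

The same comparison applies to the kernel-rt advisory, since `parse_nvr` keeps hyphenated package names such as kernel-rt intact.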