Everything posted by news
[RHSA-2017:0698-01] Moderate: subscription-manager security, bug fix, and enhancement update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: subscription-manager security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:0698-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0698.html
Issue date:        2017-03-21
CVE Names:         CVE-2016-4455
=====================================================================

1. Summary:

An update for subscription-manager, subscription-manager-migration-data, and
python-rhsm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow
users to manage subscriptions and yum repositories from the Red Hat
entitlement platform.

The subscription-manager-migration-data package provides certificates for
migrating a system from the legacy Red Hat Network Classic (RHN) to Red Hat
Subscription Management (RHSM).

The python-rhsm packages provide a library for communicating with the
representational state transfer (REST) interface of a Red Hat Unified
Entitlement Platform. The Subscription Management tools use this interface
to manage system entitlements, certificates, and access to content.

The following packages have been upgraded to a later upstream version:
subscription-manager (1.18.10), python-rhsm (1.18.6),
subscription-manager-migration-data (2.0.34). (BZ#1383475, BZ#1385446,
BZ#1385382)

Security Fix(es):

* It was found that subscription-manager set weak permissions on files in
/var/lib/rhsm/, causing an information disclosure. A local, unprivileged
user could use this flaw to access sensitive data that could potentially be
used in a social engineering attack. (CVE-2016-4455)

Red Hat would like to thank Robert Scheck for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1176219 - subscription-manager repos --list with bad proxy options is silently using cache
1185914 - [RFE] rhn-migrate-classic-to-rhsm should give the option to remove RHN Classic related packages / daemons
1232472 - rhel-x86_64-server-sap-hana-6 channel maps are missing from channel-cert-mapping.txt
1283749 - Some GUI dialogs which should be error dialogs are information dialogs, breaking automated testing
1286842 - 'rhel-x86_64-server-6-rh-gluster-3-samba-debuginfo' channel map is missing from channel-cert-mapping.txt
1287925 - /bin/sh /etc/cron.daily/rhsmd does not stop.
1298140 - There is no proper icon in license window nor in date selection window for subscription-manager-gui
1301215 - The cmd "repos --list --proxy" with a fake proxy server url will not stop running.
1315591 - GUI : No network is thrown when you try to remove a subscription on the system with no network
1317613 - typo in src/subscription_manager/gui/data/ui/selectsla.ui
1320507 - Wrong prefix prompts when register using serverurl without prefix
1320597 - rhel-x86_64-server-hpn-fastrack-6 channel maps are absent from channel-cert-mapping.txt
1320607 - rhel-x86_64-server-hpn-6 channel maps are absent from channel-cert-mapping.txt
1320647 - rhn channels 'rhel-ARCH-workstation-6-thirdparty-oracle-java-beta' should maps to the Beta product cert, not the GA cert.
1321831 - When consumer ID has been deleted, the Back button and Next button should be disabled in Attaching window.
1323276 - Proxy dialog displays None:{None,3128} in field "Proxy Location" in some cases
1327179 - Subscription Manager cannot start when entitlement server is unreachable in case a proxy connection is used
1337817 - The 'Start-End Date' of expired subscription is not in red status when the subscription expired.
1340525 - CVE-2016-4455 subscription-manager: sensitive world readable files in /var/lib/rhsm/
1351009 - Error when disable all repos by 'subscription-manager repos --disable=*'
1367128 - [RFE] upload FQDN with facts
1382355 - CLI Does Not Display Error Message When Auto-Attach has Failure
1383475 - Rebase subscription-manager component to the latest upstream branch for RHEL 6.9
1385382 - Rebase python-rhsm component to the latest upstream branch for RHEL 6.9
1385446 - Rebase subscription-manager-migration-data component to the latest upstream branch for RHEL 6.9
1389559 - logging to /var/log/rhsm/rhsm.log ceases after upgrade from rhel6.8 to rhel6.9
1390258 - rhn-migrate-classic-to-rhsm --keep --remove-rhn-packages should error out due to conflicting options
1390341 - rhn-migrate-classic-to-rhsm is failing to stop and disable services
1390688 - global name 'socket' is not defined
1390712 - man page for rhn-migrate-classic-to-rhsm needs a description for new option --remove-rhn-packages
1391681 - Zanata translations for subscription-manager 1.18 are not 100%
1393573 - subscription-manager-migration-data for RHEL6.9 needs RHEL6.9 product certs
1394351 - 'module' object has no attribute 'PROXY_AUTHENTICATION_REQUIRED'
1394776 - Registration fails with RemoteServerException: Server error attempting a GET to /subscription/users/stage_test_rhel69/owners returned status 404
1395659 - Firstboot : Exception occurs while trying to register via auth proxy with invalid credentials
1395662 - Firstboot: Exception occured while trying to register the system using activation-key with org and activation-key field empty
1395684 - GUI: No error dialogue when you try to register via auth proxy without selecting "Use Authentication with http proxy" option
1395794 - /usr/libexec/rhsmd is failing with ImportError: No module named decorator
1396405 - Message "an integer is required" is displayed when tired to list release versions against stage server
1397201 - AttributeError: 'module' object has no attribute 'BadStatusLine'
1400719 - AttributeError: 'ContentConnection' object has no attribute 'proxy_host'
1401078 - unrepeatable "BadStatusLine" tracebacks are silently encountered when stage testing
1402009 - subscription-manager stdout contains ESC[?1034h
1403387 - there is an error in processing the specified proxy arguments versus proxy configurations
1404930 - Unable to launch subscription-manager gui when configure invalid proxy in proxy url
1417731 - [ko][pt_BR] pofilter endwhitespace test fails for subscription-manager 1.18.X
1417736 - [pt_BR][fr][ja] pofilter accelerators test fails for subscription-manager 1.18.X
1417740 - [ko] pofilter startwhitespace test fails for subscription-manager 1.18.X
1417746 - [it][fr][es_ES][pt_BR] pofilter unchanged test fails for subscription-manager 1.18.X

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
python-rhsm-1.18.6-1.el6.src.rpm
subscription-manager-1.18.10-1.el6.src.rpm
subscription-manager-migration-data-2.0.34-1.el6.src.rpm

i386:
python-rhsm-1.18.6-1.el6.i686.rpm
python-rhsm-certificates-1.18.6-1.el6.i686.rpm
python-rhsm-debuginfo-1.18.6-1.el6.i686.rpm
subscription-manager-1.18.10-1.el6.i686.rpm
subscription-manager-debuginfo-1.18.10-1.el6.i686.rpm
subscription-manager-firstboot-1.18.10-1.el6.i686.rpm
subscription-manager-gui-1.18.10-1.el6.i686.rpm
subscription-manager-migration-1.18.10-1.el6.i686.rpm

noarch:
subscription-manager-migration-data-2.0.34-1.el6.noarch.rpm

x86_64:
python-rhsm-1.18.6-1.el6.x86_64.rpm
python-rhsm-certificates-1.18.6-1.el6.x86_64.rpm
python-rhsm-debuginfo-1.18.6-1.el6.x86_64.rpm
subscription-manager-1.18.10-1.el6.x86_64.rpm
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-firstboot-1.18.10-1.el6.x86_64.rpm
subscription-manager-gui-1.18.10-1.el6.x86_64.rpm
subscription-manager-migration-1.18.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
subscription-manager-debuginfo-1.18.10-1.el6.i686.rpm
subscription-manager-plugin-container-1.18.10-1.el6.i686.rpm

x86_64:
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-plugin-container-1.18.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
python-rhsm-1.18.6-1.el6.src.rpm
subscription-manager-1.18.10-1.el6.src.rpm
subscription-manager-migration-data-2.0.34-1.el6.src.rpm

noarch:
subscription-manager-migration-data-2.0.34-1.el6.noarch.rpm

x86_64:
python-rhsm-1.18.6-1.el6.x86_64.rpm
python-rhsm-certificates-1.18.6-1.el6.x86_64.rpm
python-rhsm-debuginfo-1.18.6-1.el6.x86_64.rpm
subscription-manager-1.18.10-1.el6.x86_64.rpm
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-migration-1.18.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-firstboot-1.18.10-1.el6.x86_64.rpm
subscription-manager-gui-1.18.10-1.el6.x86_64.rpm
subscription-manager-plugin-container-1.18.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
python-rhsm-1.18.6-1.el6.src.rpm
subscription-manager-1.18.10-1.el6.src.rpm
subscription-manager-migration-data-2.0.34-1.el6.src.rpm

i386:
python-rhsm-1.18.6-1.el6.i686.rpm
python-rhsm-certificates-1.18.6-1.el6.i686.rpm
python-rhsm-debuginfo-1.18.6-1.el6.i686.rpm
subscription-manager-1.18.10-1.el6.i686.rpm
subscription-manager-debuginfo-1.18.10-1.el6.i686.rpm
subscription-manager-firstboot-1.18.10-1.el6.i686.rpm
subscription-manager-gui-1.18.10-1.el6.i686.rpm
subscription-manager-migration-1.18.10-1.el6.i686.rpm

noarch:
subscription-manager-migration-data-2.0.34-1.el6.noarch.rpm

ppc64:
python-rhsm-1.18.6-1.el6.ppc64.rpm
python-rhsm-certificates-1.18.6-1.el6.ppc64.rpm
python-rhsm-debuginfo-1.18.6-1.el6.ppc64.rpm
subscription-manager-1.18.10-1.el6.ppc64.rpm
subscription-manager-debuginfo-1.18.10-1.el6.ppc64.rpm
subscription-manager-firstboot-1.18.10-1.el6.ppc64.rpm
subscription-manager-gui-1.18.10-1.el6.ppc64.rpm
subscription-manager-migration-1.18.10-1.el6.ppc64.rpm

s390x:
python-rhsm-1.18.6-1.el6.s390x.rpm
python-rhsm-certificates-1.18.6-1.el6.s390x.rpm
python-rhsm-debuginfo-1.18.6-1.el6.s390x.rpm
subscription-manager-1.18.10-1.el6.s390x.rpm
subscription-manager-debuginfo-1.18.10-1.el6.s390x.rpm
subscription-manager-firstboot-1.18.10-1.el6.s390x.rpm
subscription-manager-gui-1.18.10-1.el6.s390x.rpm
subscription-manager-migration-1.18.10-1.el6.s390x.rpm

x86_64:
python-rhsm-1.18.6-1.el6.x86_64.rpm
python-rhsm-certificates-1.18.6-1.el6.x86_64.rpm
python-rhsm-debuginfo-1.18.6-1.el6.x86_64.rpm
subscription-manager-1.18.10-1.el6.x86_64.rpm
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-firstboot-1.18.10-1.el6.x86_64.rpm
subscription-manager-gui-1.18.10-1.el6.x86_64.rpm
subscription-manager-migration-1.18.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
subscription-manager-debuginfo-1.18.10-1.el6.i686.rpm
subscription-manager-plugin-container-1.18.10-1.el6.i686.rpm

ppc64:
subscription-manager-debuginfo-1.18.10-1.el6.ppc64.rpm
subscription-manager-plugin-container-1.18.10-1.el6.ppc64.rpm

s390x:
subscription-manager-debuginfo-1.18.10-1.el6.s390x.rpm
subscription-manager-plugin-container-1.18.10-1.el6.s390x.rpm

x86_64:
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-plugin-container-1.18.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
python-rhsm-1.18.6-1.el6.src.rpm
subscription-manager-1.18.10-1.el6.src.rpm
subscription-manager-migration-data-2.0.34-1.el6.src.rpm

i386:
python-rhsm-1.18.6-1.el6.i686.rpm
python-rhsm-certificates-1.18.6-1.el6.i686.rpm
python-rhsm-debuginfo-1.18.6-1.el6.i686.rpm
subscription-manager-1.18.10-1.el6.i686.rpm
subscription-manager-debuginfo-1.18.10-1.el6.i686.rpm
subscription-manager-firstboot-1.18.10-1.el6.i686.rpm
subscription-manager-gui-1.18.10-1.el6.i686.rpm
subscription-manager-migration-1.18.10-1.el6.i686.rpm

noarch:
subscription-manager-migration-data-2.0.34-1.el6.noarch.rpm

x86_64:
python-rhsm-1.18.6-1.el6.x86_64.rpm
python-rhsm-certificates-1.18.6-1.el6.x86_64.rpm
python-rhsm-debuginfo-1.18.6-1.el6.x86_64.rpm
subscription-manager-1.18.10-1.el6.x86_64.rpm
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-firstboot-1.18.10-1.el6.x86_64.rpm
subscription-manager-gui-1.18.10-1.el6.x86_64.rpm
subscription-manager-migration-1.18.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
subscription-manager-debuginfo-1.18.10-1.el6.i686.rpm
subscription-manager-plugin-container-1.18.10-1.el6.i686.rpm

x86_64:
subscription-manager-debuginfo-1.18.10-1.el6.x86_64.rpm
subscription-manager-plugin-container-1.18.10-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4455
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY0PVPXlSAg2UNWIIRArMdAJ9xIj8PVV0ztHRNuAakmN1xLVLhswCZAWNa
nAPD+QePV0XBb9YPxXYETC0=
=IVQw
-----END PGP SIGNATURE-----
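The fix for CVE-2016-4455 in the advisory above tightened the file modes under /var/lib/rhsm/. The script below is an added example, not part of the advisory or of subscription-manager: it walks a directory tree and reports every regular file or directory that 'other' users can read or write, which is the check to run against /var/lib/rhsm/ before and after the update (and against any other state directory a daemon owns). The tree built by demo() is constructed for illustration; the file names and contents in it are assumptions, not the real layout of /var/lib/rhsm/.

```python
"""Audit a directory tree for entries that 'other' users can read or write.

Added example for the CVE-2016-4455 entry above (world-readable files under
/var/lib/rhsm/); this is not Red Hat's or subscription-manager's code. The
tree built by demo() is constructed and its names are assumptions.
"""
import os
import stat
import sys
import tempfile


def world_accessible(root):
    """Return sorted (relative_path, permission_bits) for every regular file
    or directory under root whose mode grants read or write to 'other'.

    Entries are examined with lstat and symlinks are skipped, so a link that
    points outside the tree cannot pull unrelated files into the report.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IROTH | stat.S_IWOTH):
                findings.append((os.path.relpath(path, root), mode))
    return sorted(findings)


def demo():
    """Build a constructed tree that mimics the flaw and audit it.

    'cache/facts.json' is created 0644 (world-readable, the pre-fix state)
    and 'identity.pem' is created 0600; only the former must be reported.
    The contents are placeholders, not real facts or key material.
    """
    root = tempfile.mkdtemp(prefix="rhsm-audit-")
    cache = os.path.join(root, "cache")
    os.mkdir(cache)
    os.chmod(cache, 0o700)
    leaky = os.path.join(cache, "facts.json")
    with open(leaky, "w") as fh:
        fh.write('{"net.interface.eth0.ipv4_address": "192.0.2.10"}\n')
    os.chmod(leaky, 0o644)
    private = os.path.join(root, "identity.pem")
    with open(private, "w") as fh:
        fh.write("-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n"
                 "-----END PRIVATE KEY-----\n")
    os.chmod(private, 0o600)
    return world_accessible(root)


if __name__ == "__main__":
    # Usage: audit.py [DIR]; defaults to /var/lib/rhsm and falls back to the
    # constructed demo tree when that directory does not exist on this host.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/rhsm"
    hits = world_accessible(target) if os.path.isdir(target) else demo()
    for rel, mode in hits:
        print("%s %s" % (oct(mode), rel))
```

Run it as the service's owner (root for /var/lib/rhsm) so that directories with mode 0700 can still be descended into; a non-empty report after the update means something other than the package (a backup, a manual chmod, a restore) reopened the files.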
[RHSA-2017:0725-01] Moderate: bash security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: bash security and bug fix update
Advisory ID:       RHSA-2017:0725-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0725.html
Issue date:        2017-03-21
CVE Names:         CVE-2016-0634 CVE-2016-7543 CVE-2016-9401
=====================================================================

1. Summary:

An update for bash is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The bash packages provide Bash (Bourne-again shell), which is the default
shell for Red Hat Enterprise Linux.

Security Fix(es):

* An arbitrary command injection flaw was found in the way bash processed
the hostname value. A malicious DHCP server could use this flaw to execute
arbitrary commands on the DHCP client machines running bash under specific
circumstances. (CVE-2016-0634)

* An arbitrary command injection flaw was found in the way bash processed
the SHELLOPTS and PS4 environment variables. A local, authenticated attacker
could use this flaw to exploit poorly written setuid programs to elevate
their privileges under certain circumstances. (CVE-2016-7543)

* A denial of service flaw was found in the way bash handled popd commands.
A poorly written shell script could cause bash to crash resulting in a local
denial of service limited to a specific bash session. (CVE-2016-9401)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1377613 - CVE-2016-0634 bash: Arbitrary code execution via malicious hostname
1379630 - CVE-2016-7543 bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution
1396383 - CVE-2016-9401 bash: popd controlled free

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bash-4.1.2-48.el6.src.rpm

i386:
bash-4.1.2-48.el6.i686.rpm
bash-debuginfo-4.1.2-48.el6.i686.rpm

x86_64:
bash-4.1.2-48.el6.x86_64.rpm
bash-debuginfo-4.1.2-48.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bash-debuginfo-4.1.2-48.el6.i686.rpm
bash-doc-4.1.2-48.el6.i686.rpm

x86_64:
bash-debuginfo-4.1.2-48.el6.x86_64.rpm
bash-doc-4.1.2-48.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bash-4.1.2-48.el6.src.rpm

x86_64:
bash-4.1.2-48.el6.x86_64.rpm
bash-debuginfo-4.1.2-48.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bash-debuginfo-4.1.2-48.el6.x86_64.rpm
bash-doc-4.1.2-48.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bash-4.1.2-48.el6.src.rpm

i386:
bash-4.1.2-48.el6.i686.rpm
bash-debuginfo-4.1.2-48.el6.i686.rpm

ppc64:
bash-4.1.2-48.el6.ppc64.rpm
bash-debuginfo-4.1.2-48.el6.ppc64.rpm

s390x:
bash-4.1.2-48.el6.s390x.rpm
bash-debuginfo-4.1.2-48.el6.s390x.rpm

x86_64:
bash-4.1.2-48.el6.x86_64.rpm
bash-debuginfo-4.1.2-48.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
bash-debuginfo-4.1.2-48.el6.i686.rpm
bash-doc-4.1.2-48.el6.i686.rpm

ppc64:
bash-debuginfo-4.1.2-48.el6.ppc64.rpm
bash-doc-4.1.2-48.el6.ppc64.rpm

s390x:
bash-debuginfo-4.1.2-48.el6.s390x.rpm
bash-doc-4.1.2-48.el6.s390x.rpm

x86_64:
bash-debuginfo-4.1.2-48.el6.x86_64.rpm
bash-doc-4.1.2-48.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
bash-4.1.2-48.el6.src.rpm

i386:
bash-4.1.2-48.el6.i686.rpm
bash-debuginfo-4.1.2-48.el6.i686.rpm

x86_64:
bash-4.1.2-48.el6.x86_64.rpm
bash-debuginfo-4.1.2-48.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
bash-debuginfo-4.1.2-48.el6.i686.rpm
bash-doc-4.1.2-48.el6.i686.rpm

x86_64:
bash-debuginfo-4.1.2-48.el6.x86_64.rpm
bash-doc-4.1.2-48.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0634
https://access.redhat.com/security/cve/CVE-2016-7543
https://access.redhat.com/security/cve/CVE-2016-9401
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY0PXiXlSAg2UNWIIRAkzvAJ9AilUrzIuCwUxQdYRW0I9Vgfn4CgCeI5qM
qqsmNOk843TXCuOsO5jEa8E=
=3vnw
-----END PGP SIGNATURE-----
[RHSA-2017:0744-01] Moderate: samba4 security and bug fix update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba4 security and bug fix update
Advisory ID:       RHSA-2017:0744-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0744.html
Issue date:        2017-03-21
CVE Names:         CVE-2016-2125 CVE-2016-2126
=====================================================================

1. Summary:

An update for samba4 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

Security Fix(es):

* It was found that Samba always requested forwardable tickets when using
Kerberos authentication. A service to which Samba authenticated using
Kerberos could subsequently use the ticket to impersonate Samba to other
services or domain users. (CVE-2016-2125)

* A flaw was found in the way Samba handled PAC (Privilege Attribute
Certificate) checksums. A remote, authenticated attacker could use this flaw
to crash the winbindd process. (CVE-2016-2126)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1403114 - CVE-2016-2125 samba: Unconditional privilege delegation to Kerberos servers in trusted realms
1403115 - CVE-2016-2126 samba: Flaws in Kerberos PAC validation can trigger privilege elevation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba4-4.2.10-9.el6.src.rpm

i386:
samba4-4.2.10-9.el6.i686.rpm
samba4-client-4.2.10-9.el6.i686.rpm
samba4-common-4.2.10-9.el6.i686.rpm
samba4-dc-4.2.10-9.el6.i686.rpm
samba4-dc-libs-4.2.10-9.el6.i686.rpm
samba4-debuginfo-4.2.10-9.el6.i686.rpm
samba4-devel-4.2.10-9.el6.i686.rpm
samba4-libs-4.2.10-9.el6.i686.rpm
samba4-pidl-4.2.10-9.el6.i686.rpm
samba4-python-4.2.10-9.el6.i686.rpm
samba4-test-4.2.10-9.el6.i686.rpm
samba4-winbind-4.2.10-9.el6.i686.rpm
samba4-winbind-clients-4.2.10-9.el6.i686.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.i686.rpm

x86_64:
samba4-4.2.10-9.el6.x86_64.rpm
samba4-client-4.2.10-9.el6.x86_64.rpm
samba4-common-4.2.10-9.el6.x86_64.rpm
samba4-dc-4.2.10-9.el6.x86_64.rpm
samba4-dc-libs-4.2.10-9.el6.x86_64.rpm
samba4-debuginfo-4.2.10-9.el6.x86_64.rpm
samba4-devel-4.2.10-9.el6.x86_64.rpm
samba4-libs-4.2.10-9.el6.x86_64.rpm
samba4-pidl-4.2.10-9.el6.x86_64.rpm
samba4-python-4.2.10-9.el6.x86_64.rpm
samba4-test-4.2.10-9.el6.x86_64.rpm
samba4-winbind-4.2.10-9.el6.x86_64.rpm
samba4-winbind-clients-4.2.10-9.el6.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
samba4-4.2.10-9.el6.src.rpm

x86_64:
samba4-4.2.10-9.el6.x86_64.rpm
samba4-client-4.2.10-9.el6.x86_64.rpm
samba4-common-4.2.10-9.el6.x86_64.rpm
samba4-dc-4.2.10-9.el6.x86_64.rpm
samba4-dc-libs-4.2.10-9.el6.x86_64.rpm
samba4-debuginfo-4.2.10-9.el6.x86_64.rpm
samba4-devel-4.2.10-9.el6.x86_64.rpm
samba4-libs-4.2.10-9.el6.x86_64.rpm
samba4-pidl-4.2.10-9.el6.x86_64.rpm
samba4-python-4.2.10-9.el6.x86_64.rpm
samba4-test-4.2.10-9.el6.x86_64.rpm
samba4-winbind-4.2.10-9.el6.x86_64.rpm
samba4-winbind-clients-4.2.10-9.el6.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
samba4-4.2.10-9.el6.src.rpm

i386:
samba4-4.2.10-9.el6.i686.rpm
samba4-client-4.2.10-9.el6.i686.rpm
samba4-common-4.2.10-9.el6.i686.rpm
samba4-dc-4.2.10-9.el6.i686.rpm
samba4-dc-libs-4.2.10-9.el6.i686.rpm
samba4-debuginfo-4.2.10-9.el6.i686.rpm
samba4-devel-4.2.10-9.el6.i686.rpm
samba4-libs-4.2.10-9.el6.i686.rpm
samba4-pidl-4.2.10-9.el6.i686.rpm
samba4-python-4.2.10-9.el6.i686.rpm
samba4-test-4.2.10-9.el6.i686.rpm
samba4-winbind-4.2.10-9.el6.i686.rpm
samba4-winbind-clients-4.2.10-9.el6.i686.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.i686.rpm

ppc64:
samba4-4.2.10-9.el6.ppc64.rpm
samba4-client-4.2.10-9.el6.ppc64.rpm
samba4-common-4.2.10-9.el6.ppc64.rpm
samba4-dc-4.2.10-9.el6.ppc64.rpm
samba4-dc-libs-4.2.10-9.el6.ppc64.rpm
samba4-debuginfo-4.2.10-9.el6.ppc64.rpm
samba4-devel-4.2.10-9.el6.ppc64.rpm
samba4-libs-4.2.10-9.el6.ppc64.rpm
samba4-pidl-4.2.10-9.el6.ppc64.rpm
samba4-python-4.2.10-9.el6.ppc64.rpm
samba4-test-4.2.10-9.el6.ppc64.rpm
samba4-winbind-4.2.10-9.el6.ppc64.rpm
samba4-winbind-clients-4.2.10-9.el6.ppc64.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.ppc64.rpm

s390x:
samba4-4.2.10-9.el6.s390x.rpm
samba4-client-4.2.10-9.el6.s390x.rpm
samba4-common-4.2.10-9.el6.s390x.rpm
samba4-dc-4.2.10-9.el6.s390x.rpm
samba4-dc-libs-4.2.10-9.el6.s390x.rpm
samba4-debuginfo-4.2.10-9.el6.s390x.rpm
samba4-devel-4.2.10-9.el6.s390x.rpm
samba4-libs-4.2.10-9.el6.s390x.rpm
samba4-pidl-4.2.10-9.el6.s390x.rpm
samba4-python-4.2.10-9.el6.s390x.rpm
samba4-test-4.2.10-9.el6.s390x.rpm
samba4-winbind-4.2.10-9.el6.s390x.rpm
samba4-winbind-clients-4.2.10-9.el6.s390x.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.s390x.rpm

x86_64:
samba4-4.2.10-9.el6.x86_64.rpm
samba4-client-4.2.10-9.el6.x86_64.rpm
samba4-common-4.2.10-9.el6.x86_64.rpm
samba4-dc-4.2.10-9.el6.x86_64.rpm
samba4-dc-libs-4.2.10-9.el6.x86_64.rpm
samba4-debuginfo-4.2.10-9.el6.x86_64.rpm
samba4-devel-4.2.10-9.el6.x86_64.rpm
samba4-libs-4.2.10-9.el6.x86_64.rpm
samba4-pidl-4.2.10-9.el6.x86_64.rpm
samba4-python-4.2.10-9.el6.x86_64.rpm
samba4-test-4.2.10-9.el6.x86_64.rpm
samba4-winbind-4.2.10-9.el6.x86_64.rpm
samba4-winbind-clients-4.2.10-9.el6.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
samba4-4.2.10-9.el6.src.rpm

i386:
samba4-4.2.10-9.el6.i686.rpm
samba4-client-4.2.10-9.el6.i686.rpm
samba4-common-4.2.10-9.el6.i686.rpm
samba4-dc-4.2.10-9.el6.i686.rpm
samba4-dc-libs-4.2.10-9.el6.i686.rpm
samba4-debuginfo-4.2.10-9.el6.i686.rpm
samba4-devel-4.2.10-9.el6.i686.rpm
samba4-libs-4.2.10-9.el6.i686.rpm
samba4-pidl-4.2.10-9.el6.i686.rpm
samba4-python-4.2.10-9.el6.i686.rpm
samba4-test-4.2.10-9.el6.i686.rpm
samba4-winbind-4.2.10-9.el6.i686.rpm
samba4-winbind-clients-4.2.10-9.el6.i686.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.i686.rpm

x86_64:
samba4-4.2.10-9.el6.x86_64.rpm
samba4-client-4.2.10-9.el6.x86_64.rpm
samba4-common-4.2.10-9.el6.x86_64.rpm
samba4-dc-4.2.10-9.el6.x86_64.rpm
samba4-dc-libs-4.2.10-9.el6.x86_64.rpm
samba4-debuginfo-4.2.10-9.el6.x86_64.rpm
samba4-devel-4.2.10-9.el6.x86_64.rpm
samba4-libs-4.2.10-9.el6.x86_64.rpm
samba4-pidl-4.2.10-9.el6.x86_64.rpm
samba4-python-4.2.10-9.el6.x86_64.rpm
samba4-test-4.2.10-9.el6.x86_64.rpm
samba4-winbind-4.2.10-9.el6.x86_64.rpm
samba4-winbind-clients-4.2.10-9.el6.x86_64.rpm
samba4-winbind-krb5-locator-4.2.10-9.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2125
https://access.redhat.com/security/cve/CVE-2016-2126
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html
https://www.samba.org/samba/security/CVE-2016-2125.html
https://www.samba.org/samba/security/CVE-2016-2126.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY0PYDXlSAg2UNWIIRAuDlAKCyaEBSSXFP4FpwlPq2aeSqpX+DWQCeIjyE
z92Fk6IIfEI0tGbw3EQZXQw=
=yv/o
-----END PGP SIGNATURE-----
[RHSA-2017:0565-01] Moderate: ocaml security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ocaml security update
Advisory ID:       RHSA-2017:0565-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0565.html
Issue date:        2017-03-21
CVE Names:         CVE-2015-8869
=====================================================================

1. Summary:

An update for ocaml is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OCaml is a high-level, strongly-typed, functional, and object-oriented
programming language from the ML family of languages. The ocaml packages
contain two batch compilers (a fast bytecode compiler and an optimizing
native-code compiler), an interactive top level system, parsing tools (Lex,
Yacc, Camlp4), a replay debugger, a documentation generator, and a
comprehensive library.

Security Fix(es):

* An integer conversion flaw was found in the way OCaml's String handled its
length. Certain operations on an excessively long String could trigger a
buffer overflow or result in an information leak. (CVE-2015-8869)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1332090 - CVE-2015-8869 ocaml: sizes arguments are sign-extended from 32 to 64 bits

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ocaml-3.11.2-5.el6.src.rpm

i386:
ocaml-3.11.2-5.el6.i686.rpm
ocaml-camlp4-3.11.2-5.el6.i686.rpm
ocaml-camlp4-devel-3.11.2-5.el6.i686.rpm
ocaml-debuginfo-3.11.2-5.el6.i686.rpm
ocaml-docs-3.11.2-5.el6.i686.rpm
ocaml-emacs-3.11.2-5.el6.i686.rpm
ocaml-labltk-3.11.2-5.el6.i686.rpm
ocaml-labltk-devel-3.11.2-5.el6.i686.rpm
ocaml-ocamldoc-3.11.2-5.el6.i686.rpm
ocaml-runtime-3.11.2-5.el6.i686.rpm
ocaml-source-3.11.2-5.el6.i686.rpm
ocaml-x11-3.11.2-5.el6.i686.rpm

x86_64:
ocaml-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-devel-3.11.2-5.el6.x86_64.rpm
ocaml-debuginfo-3.11.2-5.el6.x86_64.rpm
ocaml-docs-3.11.2-5.el6.x86_64.rpm
ocaml-emacs-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-devel-3.11.2-5.el6.x86_64.rpm
ocaml-ocamldoc-3.11.2-5.el6.x86_64.rpm
ocaml-runtime-3.11.2-5.el6.x86_64.rpm
ocaml-source-3.11.2-5.el6.x86_64.rpm
ocaml-x11-3.11.2-5.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ocaml-3.11.2-5.el6.src.rpm

x86_64:
ocaml-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-devel-3.11.2-5.el6.x86_64.rpm
ocaml-debuginfo-3.11.2-5.el6.x86_64.rpm
ocaml-docs-3.11.2-5.el6.x86_64.rpm
ocaml-emacs-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-devel-3.11.2-5.el6.x86_64.rpm
ocaml-ocamldoc-3.11.2-5.el6.x86_64.rpm
ocaml-runtime-3.11.2-5.el6.x86_64.rpm
ocaml-source-3.11.2-5.el6.x86_64.rpm
ocaml-x11-3.11.2-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ocaml-3.11.2-5.el6.src.rpm

i386:
ocaml-3.11.2-5.el6.i686.rpm
ocaml-camlp4-3.11.2-5.el6.i686.rpm
ocaml-camlp4-devel-3.11.2-5.el6.i686.rpm
ocaml-debuginfo-3.11.2-5.el6.i686.rpm
ocaml-docs-3.11.2-5.el6.i686.rpm
ocaml-emacs-3.11.2-5.el6.i686.rpm
ocaml-labltk-3.11.2-5.el6.i686.rpm
ocaml-labltk-devel-3.11.2-5.el6.i686.rpm
ocaml-ocamldoc-3.11.2-5.el6.i686.rpm
ocaml-runtime-3.11.2-5.el6.i686.rpm
ocaml-source-3.11.2-5.el6.i686.rpm
ocaml-x11-3.11.2-5.el6.i686.rpm

ppc64:
ocaml-3.11.2-5.el6.ppc64.rpm
ocaml-camlp4-3.11.2-5.el6.ppc64.rpm
ocaml-camlp4-devel-3.11.2-5.el6.ppc64.rpm
ocaml-debuginfo-3.11.2-5.el6.ppc64.rpm
ocaml-docs-3.11.2-5.el6.ppc64.rpm
ocaml-emacs-3.11.2-5.el6.ppc64.rpm
ocaml-labltk-3.11.2-5.el6.ppc64.rpm
ocaml-labltk-devel-3.11.2-5.el6.ppc64.rpm
ocaml-ocamldoc-3.11.2-5.el6.ppc64.rpm
ocaml-runtime-3.11.2-5.el6.ppc64.rpm
ocaml-source-3.11.2-5.el6.ppc64.rpm
ocaml-x11-3.11.2-5.el6.ppc64.rpm

x86_64:
ocaml-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-devel-3.11.2-5.el6.x86_64.rpm
ocaml-debuginfo-3.11.2-5.el6.x86_64.rpm
ocaml-docs-3.11.2-5.el6.x86_64.rpm
ocaml-emacs-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-devel-3.11.2-5.el6.x86_64.rpm
ocaml-ocamldoc-3.11.2-5.el6.x86_64.rpm
ocaml-runtime-3.11.2-5.el6.x86_64.rpm
ocaml-source-3.11.2-5.el6.x86_64.rpm
ocaml-x11-3.11.2-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ocaml-3.11.2-5.el6.src.rpm

i386:
ocaml-3.11.2-5.el6.i686.rpm
ocaml-camlp4-3.11.2-5.el6.i686.rpm
ocaml-camlp4-devel-3.11.2-5.el6.i686.rpm
ocaml-debuginfo-3.11.2-5.el6.i686.rpm
ocaml-docs-3.11.2-5.el6.i686.rpm
ocaml-emacs-3.11.2-5.el6.i686.rpm
ocaml-labltk-3.11.2-5.el6.i686.rpm
ocaml-labltk-devel-3.11.2-5.el6.i686.rpm
ocaml-ocamldoc-3.11.2-5.el6.i686.rpm
ocaml-runtime-3.11.2-5.el6.i686.rpm
ocaml-source-3.11.2-5.el6.i686.rpm
ocaml-x11-3.11.2-5.el6.i686.rpm

x86_64:
ocaml-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-3.11.2-5.el6.x86_64.rpm
ocaml-camlp4-devel-3.11.2-5.el6.x86_64.rpm
ocaml-debuginfo-3.11.2-5.el6.x86_64.rpm
ocaml-docs-3.11.2-5.el6.x86_64.rpm
ocaml-emacs-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-3.11.2-5.el6.x86_64.rpm
ocaml-labltk-devel-3.11.2-5.el6.x86_64.rpm
ocaml-ocamldoc-3.11.2-5.el6.x86_64.rpm
ocaml-runtime-3.11.2-5.el6.x86_64.rpm
ocaml-source-3.11.2-5.el6.x86_64.rpm
ocaml-x11-3.11.2-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8869
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY0PODXlSAg2UNWIIRAjSzAJ451YOvztrJKd5IVIW+WxeSmOzYqQCgtuww
mNqHWnvL0vxIZyRZBSgInro=
=7LjI
-----END PGP SIGNATURE-----
[RHSA-2017:0574-01] Moderate: gnutls security, bug fix, and enhancement update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:0574-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0574.html
Issue date:        2017-03-21
CVE Names:         CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337
=====================================================================

1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (BZ#1321112, BZ#1326073, BZ#1415682, BZ#1326389)

Security Fix(es):

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

* Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1320982 - ASSERT failure in gnutls-cli-debug
1321112 - DHE_DSS ciphers don't work with client certificates and OpenSSL using TLSv1.2
1323215 - gnutls-serv --http crashes with client certificates with NSS client
1326073 - GnuTLS prefers SHA-1 signatures in TLSv1.2
1326389 - GnuTLS server does not accept SHA-384 and SHA-512 Certificate Verify signatures despite advertising support for them
1326886 - GnuTLS server rejects connections that do not advertise support for SHA-1 signature algorithms
1327656 - gnutls-serv: closing connection without sending an Alert message
1328205 - gnutls-cli won't send certificates that don't match hashes in Certificate Request
1333521 - Provide ability to set the expected server name in gnutls-serv utility
1335924 - gnutls: Disable TLS connections with less than 1024-bit DH parameters
1337460 - Disable/remove export ciphersuites in GnuTLS
1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c
1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate
1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid
1415682 - Changes introduced by rebase to 2.12.23 break API and ABI compatibility for some libraries

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
gnutls-2.12.23-21.el6.src.rpm

i386:
gnutls-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-utils-2.12.23-21.el6.i686.rpm

x86_64:
gnutls-2.12.23-21.el6.i686.rpm
gnutls-2.12.23-21.el6.x86_64.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-utils-2.12.23-21.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm

x86_64:
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.x86_64.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
gnutls-2.12.23-21.el6.src.rpm

x86_64:
gnutls-2.12.23-21.el6.i686.rpm
gnutls-2.12.23-21.el6.x86_64.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-utils-2.12.23-21.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.x86_64.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
gnutls-2.12.23-21.el6.src.rpm

i386:
gnutls-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-utils-2.12.23-21.el6.i686.rpm

ppc64:
gnutls-2.12.23-21.el6.ppc.rpm
gnutls-2.12.23-21.el6.ppc64.rpm
gnutls-debuginfo-2.12.23-21.el6.ppc.rpm
gnutls-debuginfo-2.12.23-21.el6.ppc64.rpm
gnutls-devel-2.12.23-21.el6.ppc.rpm
gnutls-devel-2.12.23-21.el6.ppc64.rpm
gnutls-utils-2.12.23-21.el6.ppc64.rpm

s390x:
gnutls-2.12.23-21.el6.s390.rpm
gnutls-2.12.23-21.el6.s390x.rpm
gnutls-debuginfo-2.12.23-21.el6.s390.rpm
gnutls-debuginfo-2.12.23-21.el6.s390x.rpm
gnutls-devel-2.12.23-21.el6.s390.rpm
gnutls-devel-2.12.23-21.el6.s390x.rpm
gnutls-utils-2.12.23-21.el6.s390x.rpm

x86_64:
gnutls-2.12.23-21.el6.i686.rpm
gnutls-2.12.23-21.el6.x86_64.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.x86_64.rpm
gnutls-utils-2.12.23-21.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm

ppc64:
gnutls-debuginfo-2.12.23-21.el6.ppc.rpm
gnutls-debuginfo-2.12.23-21.el6.ppc64.rpm
gnutls-guile-2.12.23-21.el6.ppc.rpm
gnutls-guile-2.12.23-21.el6.ppc64.rpm

s390x:
gnutls-debuginfo-2.12.23-21.el6.s390.rpm
gnutls-debuginfo-2.12.23-21.el6.s390x.rpm
gnutls-guile-2.12.23-21.el6.s390.rpm
gnutls-guile-2.12.23-21.el6.s390x.rpm

x86_64:
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
gnutls-2.12.23-21.el6.src.rpm

i386:
gnutls-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-utils-2.12.23-21.el6.i686.rpm

x86_64:
gnutls-2.12.23-21.el6.i686.rpm
gnutls-2.12.23-21.el6.x86_64.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.x86_64.rpm
gnutls-utils-2.12.23-21.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm

x86_64:
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-8610
https://access.redhat.com/security/cve/CVE-2017-5335
https://access.redhat.com/security/cve/CVE-2017-5336
https://access.redhat.com/security/cve/CVE-2017-5337
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY0POlXlSAg2UNWIIRAhsCAJ0f16s1qzndcPHdUSHLmbQGvbQvcACggquH
8b1zEPEmPqMh/S/pZTQy6OE=
=e+1d
-----END PGP SIGNATURE-----
[RHSA-2017:0654-01] Moderate: coreutils security and bug fix update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: coreutils security and bug fix update
Advisory ID:       RHSA-2017:0654-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0654.html
Issue date:        2017-03-21
CVE Names:         CVE-2017-2616
=====================================================================

1. Summary:

An update for coreutils is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages.

Security Fix(es):

* A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (CVE-2017-2616)

Red Hat would like to thank Tobias Stöckmann for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1321643 - Bug in /etc/profile.d/colorls.sh when using the ksh shell [el6]
1418710 - CVE-2017-2616 util-linux: Sending SIGKILL to other processes with root privileges via su

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
coreutils-8.4-46.el6.src.rpm

i386:
coreutils-8.4-46.el6.i686.rpm
coreutils-debuginfo-8.4-46.el6.i686.rpm
coreutils-libs-8.4-46.el6.i686.rpm

x86_64:
coreutils-8.4-46.el6.x86_64.rpm
coreutils-debuginfo-8.4-46.el6.x86_64.rpm
coreutils-libs-8.4-46.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
coreutils-8.4-46.el6.src.rpm

x86_64:
coreutils-8.4-46.el6.x86_64.rpm
coreutils-debuginfo-8.4-46.el6.x86_64.rpm
coreutils-libs-8.4-46.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
coreutils-8.4-46.el6.src.rpm

i386:
coreutils-8.4-46.el6.i686.rpm
coreutils-debuginfo-8.4-46.el6.i686.rpm
coreutils-libs-8.4-46.el6.i686.rpm

ppc64:
coreutils-8.4-46.el6.ppc64.rpm
coreutils-debuginfo-8.4-46.el6.ppc64.rpm
coreutils-libs-8.4-46.el6.ppc64.rpm

s390x:
coreutils-8.4-46.el6.s390x.rpm
coreutils-debuginfo-8.4-46.el6.s390x.rpm
coreutils-libs-8.4-46.el6.s390x.rpm

x86_64:
coreutils-8.4-46.el6.x86_64.rpm
coreutils-debuginfo-8.4-46.el6.x86_64.rpm
coreutils-libs-8.4-46.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
coreutils-8.4-46.el6.src.rpm

i386:
coreutils-8.4-46.el6.i686.rpm
coreutils-debuginfo-8.4-46.el6.i686.rpm
coreutils-libs-8.4-46.el6.i686.rpm

x86_64:
coreutils-8.4-46.el6.x86_64.rpm
coreutils-debuginfo-8.4-46.el6.x86_64.rpm
coreutils-libs-8.4-46.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2616
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY0PShXlSAg2UNWIIRAsDzAJ9rIuKes9g8dhnNL61X5kDNzEmBqACdFTop
dIaDEKdFObp7QGbZs1T0ZZc=
=/Cbw
-----END PGP SIGNATURE-----
[RHSA-2017:0794-01] Moderate: quagga security and bug fix update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: quagga security and bug fix update
Advisory ID:       RHSA-2017:0794-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0794.html
Issue date:        2017-03-21
CVE Names:         CVE-2013-2236 CVE-2016-1245 CVE-2016-2342 CVE-2016-4049 CVE-2017-5495
=====================================================================

1. Summary:

An update for quagga is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.

Security Fix(es):

* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)

* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)

* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)

* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)

* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the bgpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

674862 - Add missing man pages in quagga package
770731 - Interface prefix advertisement declaration prevents ospf6d from starting
839620 - /etc/sysconfig/quagga defines QCONFDIR, init scripts do not use it
842308 - quagga daemon pidfiles remain after daemons are stopped
862826 - Correct spec to add watchquagga
981124 - CVE-2013-2236 Quagga: OSPFD Potential remote code exec (stack based buffer overflow)
1316571 - CVE-2016-2342 quagga: VPNv4 NLRI parser memcpys to stack on unchecked length
1331372 - CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon
1386109 - CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling
1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
quagga-0.99.15-14.el6.src.rpm

i386:
quagga-0.99.15-14.el6.i686.rpm
quagga-debuginfo-0.99.15-14.el6.i686.rpm

ppc64:
quagga-0.99.15-14.el6.ppc64.rpm
quagga-debuginfo-0.99.15-14.el6.ppc64.rpm

s390x:
quagga-0.99.15-14.el6.s390x.rpm
quagga-debuginfo-0.99.15-14.el6.s390x.rpm

x86_64:
quagga-0.99.15-14.el6.x86_64.rpm
quagga-debuginfo-0.99.15-14.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
quagga-contrib-0.99.15-14.el6.i686.rpm
quagga-debuginfo-0.99.15-14.el6.i686.rpm
quagga-devel-0.99.15-14.el6.i686.rpm

ppc64:
quagga-contrib-0.99.15-14.el6.ppc64.rpm
quagga-debuginfo-0.99.15-14.el6.ppc.rpm
quagga-debuginfo-0.99.15-14.el6.ppc64.rpm
quagga-devel-0.99.15-14.el6.ppc.rpm
quagga-devel-0.99.15-14.el6.ppc64.rpm

s390x:
quagga-contrib-0.99.15-14.el6.s390x.rpm
quagga-debuginfo-0.99.15-14.el6.s390.rpm
quagga-debuginfo-0.99.15-14.el6.s390x.rpm
quagga-devel-0.99.15-14.el6.s390.rpm
quagga-devel-0.99.15-14.el6.s390x.rpm

x86_64:
quagga-contrib-0.99.15-14.el6.x86_64.rpm
quagga-debuginfo-0.99.15-14.el6.i686.rpm
quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
quagga-devel-0.99.15-14.el6.i686.rpm
quagga-devel-0.99.15-14.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
quagga-0.99.15-14.el6.src.rpm

i386:
quagga-0.99.15-14.el6.i686.rpm
quagga-debuginfo-0.99.15-14.el6.i686.rpm

x86_64:
quagga-0.99.15-14.el6.x86_64.rpm
quagga-debuginfo-0.99.15-14.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
quagga-contrib-0.99.15-14.el6.i686.rpm
quagga-debuginfo-0.99.15-14.el6.i686.rpm
quagga-devel-0.99.15-14.el6.i686.rpm

x86_64:
quagga-contrib-0.99.15-14.el6.x86_64.rpm
quagga-debuginfo-0.99.15-14.el6.i686.rpm
quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
quagga-devel-0.99.15-14.el6.i686.rpm
quagga-devel-0.99.15-14.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-2236
https://access.redhat.com/security/cve/CVE-2016-1245
https://access.redhat.com/security/cve/CVE-2016-2342
https://access.redhat.com/security/cve/CVE-2016-4049
https://access.redhat.com/security/cve/CVE-2017-5495
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY0PZlXlSAg2UNWIIRAk04AJ9quLI5264pSVvfyo8UnOkIRLPkxgCePk5v
hgFzQjA6W9PSi1maCzaBHug=
=Wvx0
-----END PGP SIGNATURE-----
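Every advisory posted above carries the same three things an administrator has to act on: the advisory ID, the CVE names, and the package list that states which build closes the hole. The following Python 3 script is an added example, not part of Red Hat's advisories or of any post in this thread: it pulls those three fields out of the flattened advisory text as it appears on this page (the quagga advisory excerpt is embedded inline), then compares them against a constructed "rpm -qa" listing using a re-implementation of RPM's rpmvercmp ordering, so that "13.el6" is correctly seen as older than "14.el6" and "14.el6_1" as newer. The installed-package list is constructed sample data; the check ignores the package epoch (none of the packages in these advisories carry one) and does not implement the "^" operator of newer rpm releases.

```python
import re

# Constructed excerpt of the quagga advisory posted above (RHSA-2017:0794-01),
# kept in the flattened one-line form in which the forum shows it.
ADVISORY_TEXT = (
    "Red Hat Security Advisory Synopsis: Moderate: quagga security and bug fix "
    "update Advisory ID: RHSA-2017:0794-01 Product: Red Hat Enterprise Linux "
    "Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0794.html "
    "Issue date: 2017-03-21 CVE Names: CVE-2013-2236 CVE-2016-1245 CVE-2016-2342 "
    "CVE-2016-4049 CVE-2017-5495 6. Package List: "
    "Red Hat Enterprise Linux Server (v. 6): Source: quagga-0.99.15-14.el6.src.rpm "
    "i386: quagga-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm "
    "x86_64: quagga-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm "
    "Red Hat Enterprise Linux Server Optional (v. 6): x86_64: "
    "quagga-contrib-0.99.15-14.el6.x86_64.rpm quagga-devel-0.99.15-14.el6.x86_64.rpm"
)

# Constructed sample of what `rpm -qa` prints on a host (name-version-release.arch).
INSTALLED = [
    "quagga-0.99.15-13.el6.x86_64",            # one release behind the fix
    "quagga-devel-0.99.15-14.el6.x86_64",      # already at the fixed release
    "quagga-contrib-0.99.15-14.el6_1.x86_64",  # a later z-stream build, not flagged
    "coreutils-8.4-46.el6.x86_64",             # not covered by this advisory
]


def split_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def rpmvercmp(a, b):
    """Order two version/release strings like rpm's rpmvercmp(): -1, 0 or 1.
    Segments are runs of digits or letters (other characters separate them);
    a numeric segment beats an alphabetic one; '~' sorts before anything,
    even the end of the string. The newer '^' operator is not implemented."""
    if a == b:
        return 0
    ta = re.findall(r"[0-9]+|[A-Za-z]+|~", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+|~", b)
    for x, y in zip(ta, tb):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit():
            c = 1
        elif y.isdigit():
            c = -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    if len(ta) == len(tb):
        return 0
    # The string with leftover segments is newer, unless the leftover starts with '~'.
    longer, sign = (ta, 1) if len(ta) > len(tb) else (tb, -1)
    return -sign if longer[min(len(ta), len(tb))] == "~" else sign


def compare_vr(installed, fixed):
    """Order (version, release) pairs: version first, then release."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


def parse_advisory(text):
    """Return the advisory ID, the CVE names (deduplicated, in order) and the
    fixed (version, release) of every binary package named in the text."""
    m = re.search(r"Advisory ID:\s*(RHSA-\d{4}:\d+-\d+)", text)
    cves = []
    for cve in re.findall(r"CVE-\d{4}-\d{4,}", text):
        if cve not in cves:
            cves.append(cve)
    packages = {}
    for rpm in re.findall(r"\S+\.rpm", text):
        if rpm.endswith(".src.rpm"):
            continue  # source packages are not installed on the hosts being checked
        name, version, release, _arch = split_nvra(rpm)
        packages[name] = (version, release)
    return {"advisory_id": m.group(1) if m else None, "cves": cves, "packages": packages}


def check_installed(installed, advisory):
    """List (name, installed_vr, fixed_vr) for every installed package the
    advisory covers that is older than the build the advisory ships."""
    out = []
    for pkg in installed:
        name, version, release, _arch = split_nvra(pkg)
        fixed = advisory["packages"].get(name)
        if fixed and compare_vr((version, release), fixed) < 0:
            out.append((name, f"{version}-{release}", f"{fixed[0]}-{fixed[1]}"))
    return out


if __name__ == "__main__":
    adv = parse_advisory(ADVISORY_TEXT)
    print(adv["advisory_id"], "fixes", ", ".join(adv["cves"]))
    for name, have, want in check_installed(INSTALLED, adv):
        print(f"{name}: installed {have}, advisory ships {want} -> update")
```

On a real host the INSTALLED list would come from `rpm -qa`; the comparison deliberately keys on the package name only, so a multilib system with both i686 and x86_64 builds of the same package is judged against the same fixed version, as the advisory itself does. Remember the quagga advisory's own note: after the packages are updated, bgpd still has to be restarted before the fix is in effect.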
[RHSA-2017:0817-01] Moderate: kernel security, bug fix, and enhancement update
news posted a topic in Upcoming News
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:0817-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0817.html
Issue date:        2017-03-21
CVE Names:         CVE-2016-10088 CVE-2016-10142 CVE-2016-2069 CVE-2016-2384 CVE-2016-6480 CVE-2016-7042 CVE-2016-7097 CVE-2016-8399 CVE-2016-9576
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)

* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)

* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)

* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)

* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)

* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)

* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)

* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)

The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

847106 - ext2 tests hang while running fsfuzzer
1301893 - CVE-2016-2069 kernel: race condition in the TLB flush logic
1308444 - CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor
1325766 - RHEL6.7: NFSv3 client performance regression where ls -l takes too long with "aggressive readdirplus" commit
1362466 - CVE-2016-6480 kernel: scsi: aacraid: double fetch in ioctl_send_fib()
1368938 - CVE-2016-7097 kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
1373966 - CVE-2016-7042 kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
1403145 - CVE-2016-9576 kernel: Use after free in SCSI generic device interface
1403833 - CVE-2016-8399 kernel: net: Out of bounds stack read in memcpy_fromiovec
1412210 - CVE-2016-10088 kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
1415908 - CVE-2016-10142 kernel - IPV6 fragmentation flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-696.el6.src.rpm

i386:
kernel-2.6.32-696.el6.i686.rpm
kernel-debug-2.6.32-696.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debug-devel-2.6.32-696.el6.i686.rpm
kernel-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm
kernel-devel-2.6.32-696.el6.i686.rpm
kernel-headers-2.6.32-696.el6.i686.rpm
perf-2.6.32-696.el6.i686.rpm
perf-debuginfo-2.6.32-696.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.el6.noarch.rpm
kernel-doc-2.6.32-696.el6.noarch.rpm
kernel-firmware-2.6.32-696.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.el6.x86_64.rpm
kernel-debug-2.6.32-696.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.el6.i686.rpm
kernel-debug-devel-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.el6.x86_64.rpm
kernel-devel-2.6.32-696.el6.x86_64.rpm
kernel-headers-2.6.32-696.el6.x86_64.rpm
perf-2.6.32-696.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.el6.i686.rpm
perf-debuginfo-2.6.32-696.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm
perf-debuginfo-2.6.32-696.el6.i686.rpm
python-perf-2.6.32-696.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.el6.x86_64.rpm
python-perf-2.6.32-696.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-696.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.el6.noarch.rpm
kernel-doc-2.6.32-696.el6.noarch.rpm
kernel-firmware-2.6.32-696.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.el6.x86_64.rpm
kernel-debug-2.6.32-696.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.el6.i686.rpm
kernel-debug-devel-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.el6.x86_64.rpm
kernel-devel-2.6.32-696.el6.x86_64.rpm
kernel-headers-2.6.32-696.el6.x86_64.rpm
perf-2.6.32-696.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.el6.i686.rpm
perf-debuginfo-2.6.32-696.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.el6.x86_64.rpm
python-perf-2.6.32-696.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-696.el6.src.rpm

i386:
kernel-2.6.32-696.el6.i686.rpm
kernel-debug-2.6.32-696.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debug-devel-2.6.32-696.el6.i686.rpm
kernel-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm
kernel-devel-2.6.32-696.el6.i686.rpm
kernel-headers-2.6.32-696.el6.i686.rpm
perf-2.6.32-696.el6.i686.rpm
perf-debuginfo-2.6.32-696.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.el6.noarch.rpm
kernel-doc-2.6.32-696.el6.noarch.rpm
kernel-firmware-2.6.32-696.el6.noarch.rpm

ppc64:
kernel-2.6.32-696.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-696.el6.ppc64.rpm
kernel-debug-2.6.32-696.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-696.el6.ppc64.rpm
kernel-debug-devel-2.6.32-696.el6.ppc64.rpm
kernel-debuginfo-2.6.32-696.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-696.el6.ppc64.rpm
kernel-devel-2.6.32-696.el6.ppc64.rpm
kernel-headers-2.6.32-696.el6.ppc64.rpm
perf-2.6.32-696.el6.ppc64.rpm
perf-debuginfo-2.6.32-696.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-696.el6.ppc64.rpm

s390x:
kernel-2.6.32-696.el6.s390x.rpm
kernel-debug-2.6.32-696.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-696.el6.s390x.rpm
kernel-debug-devel-2.6.32-696.el6.s390x.rpm
kernel-debuginfo-2.6.32-696.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-696.el6.s390x.rpm
kernel-devel-2.6.32-696.el6.s390x.rpm
kernel-headers-2.6.32-696.el6.s390x.rpm
kernel-kdump-2.6.32-696.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-696.el6.s390x.rpm
kernel-kdump-devel-2.6.32-696.el6.s390x.rpm
perf-2.6.32-696.el6.s390x.rpm
perf-debuginfo-2.6.32-696.el6.s390x.rpm
python-perf-debuginfo-2.6.32-696.el6.s390x.rpm

x86_64:
kernel-2.6.32-696.el6.x86_64.rpm
kernel-debug-2.6.32-696.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.el6.i686.rpm
kernel-debug-devel-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.el6.x86_64.rpm
kernel-devel-2.6.32-696.el6.x86_64.rpm
kernel-headers-2.6.32-696.el6.x86_64.rpm
perf-2.6.32-696.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.el6.i686.rpm
perf-debuginfo-2.6.32-696.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-2.6.32-696.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm
perf-debuginfo-2.6.32-696.el6.i686.rpm
python-perf-2.6.32-696.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-696.el6.ppc64.rpm
kernel-debuginfo-2.6.32-696.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-696.el6.ppc64.rpm
perf-debuginfo-2.6.32-696.el6.ppc64.rpm
python-perf-2.6.32-696.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-696.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-696.el6.s390x.rpm
kernel-debuginfo-2.6.32-696.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-696.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-696.el6.s390x.rpm
perf-debuginfo-2.6.32-696.el6.s390x.rpm
python-perf-2.6.32-696.el6.s390x.rpm
python-perf-debuginfo-2.6.32-696.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.el6.x86_64.rpm
python-perf-2.6.32-696.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: kernel-2.6.32-696.el6.src.rpm i386: kernel-2.6.32-696.el6.i686.rpm kernel-debug-2.6.32-696.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm kernel-debug-devel-2.6.32-696.el6.i686.rpm kernel-debuginfo-2.6.32-696.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm kernel-devel-2.6.32-696.el6.i686.rpm kernel-headers-2.6.32-696.el6.i686.rpm perf-2.6.32-696.el6.i686.rpm perf-debuginfo-2.6.32-696.el6.i686.rpm python-perf-debuginfo-2.6.32-696.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-696.el6.noarch.rpm kernel-doc-2.6.32-696.el6.noarch.rpm kernel-firmware-2.6.32-696.el6.noarch.rpm x86_64: kernel-2.6.32-696.el6.x86_64.rpm kernel-debug-2.6.32-696.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.el6.i686.rpm kernel-debug-devel-2.6.32-696.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.el6.i686.rpm kernel-debuginfo-2.6.32-696.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.el6.x86_64.rpm kernel-devel-2.6.32-696.el6.x86_64.rpm kernel-headers-2.6.32-696.el6.x86_64.rpm perf-2.6.32-696.el6.x86_64.rpm perf-debuginfo-2.6.32-696.el6.i686.rpm perf-debuginfo-2.6.32-696.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.el6.i686.rpm python-perf-debuginfo-2.6.32-696.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10088
https://access.redhat.com/security/cve/CVE-2016-10142
https://access.redhat.com/security/cve/CVE-2016-2069
https://access.redhat.com/security/cve/CVE-2016-2384
https://access.redhat.com/security/cve/CVE-2016-6480
https://access.redhat.com/security/cve/CVE-2016-7042
https://access.redhat.com/security/cve/CVE-2016-7097
https://access.redhat.com/security/cve/CVE-2016-8399
https://access.redhat.com/security/cve/CVE-2016-9576
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-
GNOME Online Accounts provides interfaces so that applications and libraries in GNOME can access the user's online accounts. It has providers for Google, ownCloud, Facebook, Flickr, Windows Live, Pocket, Foursquare, Microsoft Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.

Overview of changes in 3.24.0
=============================

* Updated translations:
  Czech
  Danish
  Finnish
  French
  Friulian
  Galician
  German
  Hungarian
  Indonesian
  Italian
  Kazakh
  Korean
  Latvian
  Lithuanian
  Polish
  Portuguese (Brazilian)
  Russian
  Slovak
  Swedish
  Turkish
  Ukrainian

Bugs: https://bugzilla.gnome.org/enter_bug.cgi?product=gnome-online-accounts
Design: https://wiki.gnome.org/Design/SystemSettings/OnlineAccounts
Download: http://download.gnome.org/sources/gnome-online-accounts/3.24/
Git: http://git.gnome.org/browse/gnome-online-accounts
Website: https://wiki.gnome.org/Projects/GnomeOnlineAccounts

Happy hacking,
Debarshi
-
SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0780-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 3.12.61-52_66 fixes one issue.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-437=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-437=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_61-52_66-default-2-2.1
  kgraft-patch-3_12_61-52_66-xen-2-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_66-default-2-2.1
  kgraft-patch-3_12_61-52_66-xen-2-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
-
SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0778-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

This update for the Linux Kernel 4.4.21-84 fixes several issues.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

The following non-security bug was fixed:

- Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs (bsc#1025254).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-434=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-84-default-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
-
SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0781-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

This update for the Linux Kernel 4.4.21-90 fixes several issues.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

The following non-security bug was fixed:

- Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs (bsc#1025254).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-433=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-90-default-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
-
SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0779-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

This update for the Linux Kernel 4.4.38-93 fixes several issues.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

The following non-security bug was fixed:

- Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs (bsc#1025254).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-438=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_38-93-default-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
-
SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0776-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

The following non-security bug was fixed:

- Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs (bsc#1025254).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-436=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_67-60_64_24-default-3-2.1
  kgraft-patch-3_12_67-60_64_24-xen-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
-
SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0777-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

This update for the Linux Kernel 4.4.21-81 fixes several issues.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

The following non-security bug was fixed:

- Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs (bsc#1025254).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-435=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-81-default-4-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
-
As of about two minutes ago, zesty has entered the final beta freeze, with a goal of releasing Final Beta images sometime late Thursday.

The queue freeze will last from now until final release in April, which means that all seeded packages will now need a spot-check and review in the queue from a release team member before they are let into the archive.

As with the previous releases, we have a bot in place that will accept uploads that are unseeded and don't affect images. Don't take this as an open invitation to break Feature Freeze on those components; this is just to reduce the burden on the release team, so we only review the uploads that need very serious consideration. If you find the bot is blocking an upload that you think should have been auto-accepted, let us know and we'll sort it out.

I will be spinning a set of beta candidates after proposed-migration has settled later tonight, which I encourage people to get to testing ASAP for their favourite flavour(s) as they come off the line.

Happy bug-hunting from now until the final release, and please do help out and test ISOs, netboot, etc., where you can and let us know what's broken in your environment(s).

On behalf of the Ubuntu Release Team,

Adam Conrad
-
SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0767-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 3.12.60-52_54 fixes one issue.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-421=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-421=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_54-default-7-2.1
  kgraft-patch-3_12_60-52_54-xen-7-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_54-default-7-2.1
  kgraft-patch-3_12_60-52_54-xen-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
-
SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0766-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 3.12.60-52_63 fixes one issue.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-424=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-424=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_63-default-3-2.1
  kgraft-patch-3_12_60-52_63-xen-3-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_63-default-3-2.1
  kgraft-patch-3_12_60-52_63-xen-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
-
openSUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0765-1
Rating:             important
References:         #1029822
Cross-References:   CVE-2017-5428
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Mozilla Firefox was updated to 52.0.1 to fix one security issue:

- CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822, MFSA 2017-08)

Patch Instructions:

To install this openSUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:
  zypper in -t patch openSUSE-2017-368=1
- openSUSE Leap 42.1:
  zypper in -t patch openSUSE-2017-368=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (i586 x86_64):
  MozillaFirefox-52.0.1-57.3.1
  MozillaFirefox-branding-upstream-52.0.1-57.3.1
  MozillaFirefox-buildsymbols-52.0.1-57.3.1
  MozillaFirefox-debuginfo-52.0.1-57.3.1
  MozillaFirefox-debugsource-52.0.1-57.3.1
  MozillaFirefox-devel-52.0.1-57.3.1
  MozillaFirefox-translations-common-52.0.1-57.3.1
  MozillaFirefox-translations-other-52.0.1-57.3.1
- openSUSE Leap 42.1 (x86_64):
  MozillaFirefox-52.0.1-58.1
  MozillaFirefox-branding-upstream-52.0.1-58.1
  MozillaFirefox-buildsymbols-52.0.1-58.1
  MozillaFirefox-debuginfo-52.0.1-58.1
  MozillaFirefox-debugsource-52.0.1-58.1
  MozillaFirefox-devel-52.0.1-58.1
  MozillaFirefox-translations-common-52.0.1-58.1
  MozillaFirefox-translations-other-52.0.1-58.1

References:

https://www.suse.com/security/cve/CVE-2017-5428.html
https://bugzilla.suse.com/1029822
-
SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0768-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

The following non-security bug was fixed:

- Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs (bsc#1025254).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-432=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-69-default-4-11.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
-
SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0764-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves one vulnerability and has one erratum is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

The following non-security bug was fixed:

- Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs (bsc#1025254).

Patch Instructions:

To install this SUSE Security Update, use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-431=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_67-60_64_21-default-4-2.1
  kgraft-patch-3_12_67-60_64_21-xen-4-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
-
AT-SPI 2.24.0 is now available for download at:

http://download.gnome.org/sources/at-spi2-core/2.24/
http://download.gnome.org/sources/at-spi2-atk/2.24/
http://download.gnome.org/sources/pyatspi/2.24/

What is AT-SPI2
===============

AT-SPI2 is a D-Bus based accessibility framework. It defines a D-Bus protocol for providing and accessing application accessibility information. The project includes a library for bridging the D-Bus protocol to the ATK API, allowing Gtk based applications to be made accessible. It also contains a client (AT) side library in C and a wrapper for Python.

What's changed in AT-SPI 2.24.0
===============================

* [atk] Remove atk_table_cell_get_column_index test, as the at-spi2-core function no longer exists and never worked anyway.
* [pyatspi] Remove an invalid escape sequence (bgo#780030).
* [pyatspi] Rename enum to atspienum, to avoid conflict with the stdlib enum class and allow running on python 3.6.

Where can I get more information about AT-SPI2
==============================================

The project wiki is available at: http://www.a11y.org/d-bus

How can I contribute to AT-SPI2?
================================

We need help testing with Gnome accessibility technologies, improving performance, and generally tying up loose ends. The above-referenced page contains a list of known issues that should be fixed.

IRC : #a11y on Gimpnet
E-Mail: accessibility-atspi ( -at -) lists.linux-foundation.org

Development repositories can be found at:

git://git.gnome.org/pyatspi2
git://git.gnome.org/at-spi2-core
git://git.gnome.org/at-spi2-atk
-
At-spi2-core 2.22.1 is now available for download at:

http://download.gnome.org/sources/at-spi2-core/2.22/

What is AT-SPI2
===============

AT-SPI2 is a D-Bus based accessibility framework. It defines a D-Bus protocol for providing and accessing application accessibility information. The project includes a library for bridging the D-Bus protocol to the ATK API, allowing Gtk based applications to be made accessible. It also contains a client (AT) side library in C and a wrapper for Python.

What's changed in AT-SPI 2.22.1
===============

* Fix an occasional crash when closing an application (bgo#767074).
* Add missing prototype for atspi_table_cell_get_position.

Where can I get more information about AT-SPI2
==============================================

The project wiki is available at:
http://www.a11y.org/d-bus

How can I contribute to AT-SPI2?
================================

We need help testing with Gnome accessibility technologies, improving performance, and generally tying up loose ends. The above-referenced page contains a list of known issues that should be fixed.

IRC : #a11y on Gimpnet
E-Mail: accessibility-atspi ( -at -) lists.linux-foundation.org

Development repositories can be found at:
git://git.gnome.org/pyatspi2
git://git.gnome.org/at-spi2-core
git://git.gnome.org/at-spi2-atk

_______________________________________________
-
SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0769-1
Rating: important
References: #1025013
Cross-References: CVE-2017-5970
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 3.12.60-52_49 fixes one issue.

The following security bug was fixed:

- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-420=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-420=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_49-default-7-2.1
  kgraft-patch-3_12_60-52_49-xen-7-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_49-default-7-2.1
  kgraft-patch-3_12_60-52_49-xen-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org
For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
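The two SUSE advisories in this thread (SUSE-SU-2017:0764-1 and SUSE-SU-2017:0769-1) use the same plain-text layout. As an added example that is not SUSE's code and not part of either post, the script below parses that layout into the fields a patch-tracking workflow needs (announcement ID, rating, CVEs, bug references, per-product zypper command, per-product package list) and checks a host's installed packages against the advisory's Package List. The advisory text is an abridged copy of the second post; the `rpm -qa`-style package list is constructed. The version comparison is a simplified stand-in for rpm's own ordering, adequate for the live-patch versions shown here.

```python
import re
from dataclasses import dataclass

# Constructed input: an abridged copy of SUSE-SU-2017:0769-1 as posted above
# (header, patch instructions and package list; the description is omitted).
ADVISORY = """\
SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12
Announcement ID: SUSE-SU-2017:0769-1
Rating: important
References: #1025013
Cross-References: CVE-2017-5970
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS

Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-420=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-420=1

Package List:
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_49-default-7-2.1
  kgraft-patch-3_12_60-52_49-xen-7-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_49-default-7-2.1
  kgraft-patch-3_12_60-52_49-xen-7-2.1

References:
https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
"""

# Constructed to resemble `rpm -qa` output on a SLES 12-LTSS host (not a real host).
INSTALLED = [
    "kernel-default-3.12.60-52.49.1",
    "kgraft-patch-3_12_60-52_49-default-6-2.1",  # one build behind the advisory
    "kgraft-patch-3_12_60-52_49-xen-7-2.1",      # matches the advisory
]


@dataclass
class Advisory:
    announcement_id: str
    rating: str
    cves: list
    bugs: list
    patch_commands: dict  # product -> zypper command
    packages: dict        # "product (arch)" -> [name-version-release, ...]


def _section(text, start, end):
    """Text between a bare 'Start:' header line and the next bare 'End:' header line."""
    m = re.search(rf"^{re.escape(start)}\s*$(.*?)^{re.escape(end)}\s*$", text, re.S | re.M)
    return m.group(1) if m else ""


def parse_advisory(text):
    """Pull the machine-usable fields out of a SUSE plain-text advisory."""
    announcement_id = re.search(r"Announcement ID:\s*(\S+)", text).group(1)
    rating = re.search(r"Rating:\s*(\S+)", text).group(1)
    cves = sorted(set(re.findall(r"CVE-\d{4}-\d{4,7}", text)))
    bugs = sorted(set(re.findall(r"#(\d{6,})", text)))        # "#1025013" style bug ids
    # "- Product:" followed on the next line by its zypper command
    patch_commands = dict(re.findall(r"^- (.+?):\s*\n\s*(zypper in -t patch \S+)",
                                     _section(text, "Patch Instructions:", "Package List:"), re.M))
    packages, current = {}, None
    for line in _section(text, "Package List:", "References:").splitlines():
        line = line.strip()
        if line.startswith("- ") and line.endswith(":"):   # "- Product (arch):"
            current = line[2:-1]
            packages[current] = []
        elif line and current:
            packages[current].append(line)
    return Advisory(announcement_id, rating, cves, bugs, patch_commands, packages)


def split_nvr(nvr):
    """Split 'name-version-release' from the right; package names may contain '-'."""
    return tuple(nvr.rsplit("-", 2))


def _vkey(s):
    """Simplified version key: numeric parts as ints, others as strings (not rpmvercmp)."""
    return [(0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[._]", s)]


def check_installed(adv, installed, product):
    """For each advisory package of `product`: 'ok', 'outdated' or 'missing' on this host."""
    have = {n: (v, r) for n, v, r in map(split_nvr, installed)}
    report = {}
    for n, v, r in map(split_nvr, adv.packages[product]):
        if n not in have:
            report[n] = "missing"
        elif (_vkey(have[n][0]), _vkey(have[n][1])) >= (_vkey(v), _vkey(r)):
            report[n] = "ok"
        else:
            report[n] = "outdated"
    return report


if __name__ == "__main__":
    adv = parse_advisory(ADVISORY)
    print(adv.announcement_id, adv.rating, adv.cves, adv.bugs)
    print(check_installed(adv, INSTALLED, "SUSE Linux Enterprise Server 12-LTSS (x86_64)"))
```

A result of "outdated" means a kgraft-patch package for the advisory's kernel is installed but behind the build the advisory lists; "missing" means no live-patch package for that kernel is installed at all, which is only a gap on hosts that rely on live patching rather than on a full kernel update.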
