The OVAL Repository
5.4
2015-09-03T06:24:24.443-04:00

RHSA-2015:0808 -- java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6, CentOS Linux 5
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:0809 -- java-1.8.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
java-1.8.0-openjdk
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

CESA-2015:0998 -- centos 6 qemu-kvm,qemu-guest-agent
CentOS Linux 6
qemu-kvm, qemu-guest-agent
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.
An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.
All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
SecPod Team
DRAFT, INTERIM, ACCEPTED, ACCEPTED

CESA-2015:1115 -- centos 6 openssl
CentOS Linux 6
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library.
An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code.
A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.
An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash.
A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.
A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop.
A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash.
Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original reporter of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.
All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
SecPod Team
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1974 -- rpm security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 6, CentOS Linux 5
rpm
The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying,
and updating software packages. Each software package consists of an
archive of files along with information about the package such as its
version, description, and other information.
It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic signature
only after the temporary file has been written completely. Under certain
conditions, the system interprets the unverified temporary file contents
and extracts commands from it. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2013-6435)
This issue was discovered by Florian Weimer of Red Hat Product Security.
All rpm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the RPM library must be restarted for this update to take
effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1983 -- xorg-x11-server security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
xorg-x11-server
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
Multiple integer overflow flaws and out-of-bounds write flaws were found in
the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated client
could use either of these flaws to crash the X.Org server or, potentially,
execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,
CVE-2014-8098)
It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)
An integer overflow flaw was found in the way the X.Org server calculated
memory requirements for certain DRI2 extension requests. A malicious,
authenticated client could use this flaw to crash the X.Org server.
(CVE-2014-8094)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)
All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:0806 -- java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1984 -- bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7, CentOS Linux 5
bind
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and processed,
would cause named to use excessive amounts of memory or crash.
(CVE-2014-8500)
All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:2021 -- jasper security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
jasper
JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.
Multiple off-by-one flaws, leading to heap-based buffer overflows, were
found in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-9029)
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)
A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)
Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Jose Duart of the Google Security Team as the original
reporter.
All JasPer users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All applications using
the JasPer libraries must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:2024 -- ntp security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
ntp
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(),
ctl_putdata(), and configure() functions. A remote attacker could use
either of these flaws to send a specially crafted request packet that could
crash ntpd or, potentially, execute arbitrary code with the privileges of
the ntp user. Note: the crypto_recv() flaw requires non-default
configurations to be active, while the ctl_putdata() flaw, by default, can
only be exploited via local attackers, and the configure() flaw requires
additional authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its internal
use if no ntpdc request authentication key was specified in the ntp.conf
configuration file. A remote attacker able to match the configured IP
restrictions could guess the generated key, and possibly use it to send
ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5 keys.
This could possibly allow an attacker to guess generated MD5 keys that
could then be used to spoof an NTP client or server. Note: it is
recommended to regenerate any MD5 keys that had explicitly been generated
with ntp-keygen; the default installation does not contain such keys.
(CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.
Sergey Artykhov
DRAFT, INTERIM
Maria Mikhno
INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1924 -- thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)
A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy. (CVE-2014-1594)
Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
This update disables SSL 3.0 support by default in Thunderbird. Details on
how to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1284233
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse
Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya,
and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.3.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.3.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:0092 -- glibc security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
glibc
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)
Red Hat would like to thank Qualys for reporting this issue.
All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1870 -- libXfont security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
libXfont
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.
A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A malicious,
local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server. (CVE-2014-0209)
Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)
Red Hat would like to thank the X.org project for reporting these issues.
Upstream acknowledges Ilja van Sprundel as the original reporter.
Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1999 -- mailx security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
mailx
The mailx packages contain a mail user agent that is used to manage mail
using scripts.
A flaw was found in the way mailx handled the parsing of email addresses.
A syntactically valid email address could allow a local attacker to cause
mailx to execute arbitrary shell commands through shell meta-characters and
the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)
Note: Applications using mailx to send email to addresses obtained from
untrusted sources will still remain vulnerable to other attacks if they
accept email addresses which start with "-" (so that they can be confused
with mailx options). To counteract this issue, this update also introduces
the "--" option, which will treat the remaining command line arguments as
email addresses.
All mailx users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1803 -- mod_auth_mellon security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
mod_auth_mellon
mod_auth_mellon provides a SAML 2.0 authentication module for the Apache
HTTP Server.
An information disclosure flaw was found in mod_auth_mellon's session
handling that could lead to sessions overlapping in memory. A remote
attacker could potentially use this flaw to obtain data from another user's
session. (CVE-2014-8566)
It was found that uninitialized data could be read when processing a user's
logout request. By attempting to log out, a user could possibly cause the
Apache HTTP Server to crash. (CVE-2014-8567)
Red Hat would like to thank the mod_auth_mellon team for reporting these
issues. Upstream acknowledges Matthew Slowe as the original reporter of
CVE-2014-8566.
All users of mod_auth_mellon are advised to upgrade to this updated
package, which contains a backported patch to correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1764 -- wget security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
wget
The wget package provides the GNU Wget file retrieval utility for HTTP,
HTTPS, and FTP protocols.
A flaw was found in the way Wget handled symbolic links. A malicious FTP
server could allow Wget running in the mirror mode (using the '-m' command
line option) to write an arbitrary file to a location writable by the
user running Wget, possibly leading to code execution. (CVE-2014-4877)
Note: This update changes the default value of the --retr-symlinks option.
The file symbolic links are now traversed by default and pointed-to files
are retrieved rather than creating a symbolic link locally.
Red Hat would like to thank the GNU Wget project for reporting this issue.
Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter.
All users of wget are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1873 -- libvirt security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libvirt
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.
An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in a
non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd or,
potentially, leak memory from the libvirtd process. (CVE-2014-3633)
A denial of service flaw was found in the way libvirt's
virConnectListAllDomains() function computed the number of used domains.
A remote attacker able to establish a read-only connection to libvirtd
could use this flaw to make any domain operations within libvirt
unresponsive. (CVE-2014-3657)
It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the
QEMU driver implementation of the virDomainGetXMLDesc() function could
bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote
attacker able to establish a read-only connection to libvirtd could use
this flaw to leak certain limited information from the domain XML data.
(CVE-2014-7823)
The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat.
This update also fixes the following bug:
When dumping migratable XML configuration of a domain, libvirt removes some
automatically added devices for compatibility with older libvirt releases.
If such XML is passed to libvirt as a domain XML that should be used during
migration, libvirt checks this XML for compatibility with the internally
stored configuration of the domain. However, prior to this update, these
checks failed because of devices that were missing (the same devices
libvirt removed). As a consequence, migration with user-supplied migratable
XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM
domains with OpenStack always failed. With this update, before checking
domain configurations for compatibility, libvirt transforms both
user-supplied and internal configuration into a migratable form
(automatically added devices are removed) and checks those instead. Thus,
no matter whether the user-supplied configuration was generated as
migratable or not, libvirt does not err about missing devices, and
migration succeeds as expected. (BZ#1155564)
All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1826 -- libvncserver security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
libvncserver
LibVNCServer is a library that allows for easy creation of VNC server or
client functionality.
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way screen sizes were handled by LibVNCServer. A malicious VNC
server could use this flaw to cause a client to crash or, potentially,
execute arbitrary code in the client. (CVE-2014-6051)
A NULL pointer dereference flaw was found in LibVNCServer's framebuffer
setup. A malicious VNC server could use this flaw to cause a VNC client to
crash. (CVE-2014-6052)
A NULL pointer dereference flaw was found in the way LibVNCServer handled
certain ClientCutText messages. A remote attacker could use this flaw to
crash the VNC server by sending a specially crafted ClientCutText message
from a VNC client. (CVE-2014-6053)
A divide-by-zero flaw was found in the way LibVNCServer handled the scaling
factor when it was set to "0". A remote attacker could use this flaw to
crash the VNC server using a malicious VNC client. (CVE-2014-6054)
Two stack-based buffer overflow flaws were found in the way LibVNCServer
handled file transfers. A remote attacker could use this flaw to crash the
VNC server using a malicious VNC client. (CVE-2014-6055)
Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Nicolas Ruff as the original reporter.
All libvncserver users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libvncserver must be restarted for this update
to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1911 -- ruby security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
ruby
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.
Multiple denial of service flaws were found in the way the Ruby REXML XML
parser performed expansion of parameter entities. A specially crafted XML
document could cause REXML to use an excessive amount of CPU and memory.
(CVE-2014-8080, CVE-2014-8090)
The CVE-2014-8090 issue was discovered by Red Hat Product Security.
All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Ruby need to be restarted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
nss
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1767 -- php security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code with the privileges
of the user running that PHP application. (CVE-2014-3670)
An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)
An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF) files.
A remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file. (CVE-2014-3710)
An out of bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)
The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat
Product Security.
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1843 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1919 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)
A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy. (CVE-2014-1594)
This update disables SSL 3.0 support by default in Firefox. Details on how
to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1283153
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse
Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya,
and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.3.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.3.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1997 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1319: xerces-j2 security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
xerces-j2
Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.
A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)
All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using the
Xerces-J must be restarted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1536 -- libguestfs security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libguestfs
Libguestfs is a library and set of tools for accessing and modifying guest
disk images.
It was found that guestfish, which enables shell scripting and command line
access to libguestfs, insecurely created the temporary directory used to
store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify other user's guestfish command,
allowing them to perform arbitrary guestfish actions with the privileges of
a different user, or use this flaw to obtain authentication credentials.
(CVE-2013-4419)
This issue was discovered by Michael Scherer of the Red Hat Regional IT
team.
These updated libguestfs packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All libguestfs users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2013:1553 -- qemu-kvm security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 6
CentOS Linux 6
qemu-kvm
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat
Enterprise Linux kernel. The qemu-kvm packages form the user-space
component for running virtual machines using KVM.
A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT
LUNS" command when more than 256 LUNs were specified for a single SCSI
target. A privileged guest user could use this flaw to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)
This issue was discovered by Asias He of Red Hat.
These updated qemu-kvm packages include numerous bug fixes and various
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, shut down all running virtual
machines. Once all virtual machines have shut down, start them again for
this update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1326: php53 and php security update (Moderate)
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
php53
php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.
It was found that the fix for CVE-2012-1571 was incomplete; the File
Information (fileinfo) extension did not correctly parse certain Composite
Document Format (CDF) files. A remote attacker could use this flaw to crash
a PHP application using fileinfo via a specially crafted CDF file.
(CVE-2014-3587)
A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)
Multiple buffer over-read flaws were found in the php_parserr() function of
PHP. A malicious DNS server or a man-in-the-middle attacker could possibly
use this flaw to execute arbitrary code as the PHP interpreter if a PHP
application used the dns_get_record() function to perform a DNS query.
(CVE-2014-3597)
Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)
The CVE-2014-3597 issue was discovered by David Kutálek of the Red Hat
BaseOS QE.
All php53 and php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, the httpd daemon must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2013:1661 -- RDMA stack security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6
CentOS Linux 6
infinipath-psm
libibverbs
libmlx4
librdmacm
openmpi
rdma
ibutils
mpitests
mstflint
perftest
qperf
Red Hat Enterprise Linux includes a collection of Infiniband and iWARP
utilities, libraries and development packages for writing applications that
use Remote Direct Memory Access (RDMA) technology.
A flaw was found in the way ibutils handled temporary files. A local
attacker could use this flaw to cause arbitrary files to be overwritten as
the root user via a symbolic link attack. (CVE-2013-2561)
It was discovered that librdmacm used a static port to connect to the
ib_acm service. A local attacker able to run a specially crafted ib_acm
service on that port could use this flaw to provide incorrect address
resolution information to librdmacm applications. (CVE-2012-4516)
The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
This advisory updates the following packages to the latest upstream
releases, providing a number of bug fixes and enhancements over the
previous versions:
* libibverbs-1.1.7
* libmlx4-1.0.5
* librdmacm-1.0.17
* mstflint-3.0
* perftest-2.0
* qperf-0.4.9
* rdma-3.10
Several bugs have been fixed in the openmpi, mpitests, ibutils, and
infinipath-psm packages.
The most notable changes in these updated packages from the RDMA stack are
the following:
* Multiple bugs in the Message Passing Interface (MPI) test packages were
resolved, allowing more of the mpitest applications to pass on the
underlying MPI implementations.
* The libmlx4 package now includes dracut module files to ensure that any
necessary custom configuration of mlx4 port types is included in the
initramfs dracut builds.
* Multiple test programs in the perftest and qperf packages now work
properly over RoCE interfaces, or when specifying the use of rdmacm
queue pairs.
* The mstflint package has been updated to the latest upstream version,
which is now capable of burning firmware on newly released Mellanox
Connect-IB hardware.
* A compatibility problem between the openmpi and infinipath-psm packages
has been resolved with new builds of these packages.
All RDMA users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add
these enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
CentOS Linux 7
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)
It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)
It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)
It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.
This update also fixes the following bug:
* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2012:1416 -- kdelibs security update (Critical)
Red Hat Enterprise Linux 6
CentOS Linux 6
kdelibs
The kdelibs packages provide libraries for the K Desktop Environment
(KDE). Konqueror is a web browser.
A heap-based buffer overflow flaw was found in the way the CSS (Cascading
Style Sheets) parser in kdelibs parsed the location of the source for font
faces. A web page containing malicious content could cause an application
using kdelibs (such as Konqueror) to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-4512)
A heap-based buffer over-read flaw was found in the way kdelibs calculated
canvas dimensions for large images. A web page containing malicious content
could cause an application using kdelibs to crash or disclose portions of
its memory. (CVE-2012-4513)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The desktop must be restarted (log out,
then log back in) for this update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2013:1752 -- 389-ds-base security update (Important)
Red Hat Enterprise Linux 6
CentOS Linux 6
389-ds-base
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.
It was discovered that the 389 Directory Server did not properly handle
certain Get Effective Rights (GER) search queries when the attribute list,
which is a part of the query, included several names using the '@'
character. An attacker able to submit search queries to the 389 Directory
Server could cause it to crash. (CVE-2013-4485)
All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)
It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)
It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)
It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
This update also fixes the following bug:
* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1655: libxml2 security update (Moderate)
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
CentOS Linux 7
CentOS Linux 6
libxml2
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application
using libxml2, would lead to excessive CPU consumption (denial of service)
based on excessive entity substitutions, even if entity substitution was
disabled, which is the parser default behavior. (CVE-2014-3660)
All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:1647: thunderbird security update (Important)
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1577)
Note: None of the above issues can be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron
Campen, Jon Coppeard, Holger Fuhrmannek, Abhishek Arya, and regenrecht as
the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.2.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.2.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2013:1540 -- evolution security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6
CentOS Linux 6
cheese
control-center
ekiga
evolution
evolution-data-server
evolution-exchange
evolution-mapi
gnome-panel
gnome-python2-desktop
gtkhtml3
libgdata
nautilus-sendto
openchange
pidgin
planner
totem
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1606: file security and bug fix update (Moderate)
Red Hat Enterprise Linux 6
CentOS Linux 6
file
The "file" command is used to identify a particular file according to the
type of data contained in the file. The command can identify various file
types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.
Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a specially
crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, CVE-2012-1571)
Two denial of service flaws were found in the way file handled indirect and
search rules. A remote attacker could use either of these flaws to cause
file, or an application using file, to crash or consume an excessive amount
of CPU. (CVE-2014-1943, CVE-2014-2270)
This update also fixes the following bugs:
* Previously, the output of the "file" command contained redundant white
spaces. With this update, the new STRING_TRIM flag has been introduced to
remove the unnecessary white spaces. (BZ#664513)
* Due to a bug, the "file" command could incorrectly identify an XML
document as a LaTeX document. The underlying source code has been modified
to fix this bug and the command now works as expected. (BZ#849621)
* Previously, the "file" command could not recognize .JPG files and
incorrectly labeled them as "Minix filesystem". This bug has been fixed and
the command now properly detects .JPG files. (BZ#873997)
* Under certain circumstances, the "file" command incorrectly detected
NETpbm files as "x86 boot sector". This update applies a patch to fix this
bug and the command now detects NETpbm files as expected. (BZ#884396)
* Previously, the "file" command incorrectly identified ASCII text files as
a .PIC image file. With this update, a patch has been provided to address
this bug and the command now correctly recognizes ASCII text files.
(BZ#980941)
* On 32-bit PowerPC systems, the "from" field was missing from the output
of the "file" command. The underlying source code has been modified to fix
this bug and "file" output now contains the "from" field as expected.
(BZ#1037279)
* The "file" command incorrectly detected text files as "RRDTool DB version
ool - Round Robin Database Tool". This update applies a patch to fix this
bug and the command now correctly detects text files. (BZ#1064463)
* Previously, the "file" command supported only version 1 and 2 of the QCOW
format. As a consequence, file was unable to detect a "qcow2 compat=1.1"
file created on Red Hat Enterprise Linux 7. With this update, support for
QCOW version 3 has been added so that the command now detects such files as
expected. (BZ#1067771)
All file users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

DEPRECATED: RHSA-2013:1591 -- openssh security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6
CentOS Linux 6
openssh
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation.
These packages include the core files necessary for the OpenSSH client
and server.
The default OpenSSH configuration made it easy for remote attackers to
exhaust unauthorized connection slots and prevent other users from being
able to log in to a system. This flaw has been addressed by enabling random
early connection drops by setting MaxStartups to 10:30:100 by default.
For more information, refer to the sshd_config(5) man page. (CVE-2010-5107)
These updated openssh packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes,
linked to in the References, for information on the most significant of
these changes.
All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add
these enhancements.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM
Maria Mikhno
DEPRECATED DEPRECATED

RHSA-2014:1392: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 6
CentOS Linux 6
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A NULL pointer dereference flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)
* An integer overflow flaw was found in the way the Linux kernel's Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on the
system. (CVE-2013-2596, Important)
* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing.
A local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)
* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)
* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Management subsystem did not properly handle page locking in
certain cases, which could potentially trigger the BUG_ON() macro in the
mlock_vma_page() function. A local, unprivileged user could use this flaw
to crash the system. (CVE-2014-3122, Moderate)
* A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
function handled IOMMU mapping failures. A privileged user in a guest with
an assigned host device could use this flaw to crash the host.
(CVE-2014-3601, Moderate)
* Multiple use-after-free flaws were found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled user
controls. A local, privileged user could use either of these flaws to crash
the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)
* A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links.
A local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege escalation. (CVE-2014-5045,
Moderate)
* An integer overflow flaw was found in the way the lzo1x_decompress_safe()
function of the Linux kernel's LZO implementation processed Literal Runs.
A local attacker could, in extremely rare cases, use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2014-4608, Low)
Red Hat would like to thank Vladimir Davydov of Parallels for reporting
CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601,
Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A.
Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security
impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of
Red Hat.
This update also fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on
the most significant of these changes, and the Technical Notes for further
information, both linked to in the References.
All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and
Technical Notes. The system must be rebooted for this update to
take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2013:0519 -- openssh security, bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 6
CentOS Linux 6
openssh
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:0255 -- subversion security update (Moderate)
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
subversion
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.
A flaw was found in the way the mod_dav_svn module handled OPTIONS
requests. A remote attacker with read access to an SVN repository served
via HTTP could use this flaw to cause the httpd process that handled such a
request to crash. (CVE-2014-0032)
A flaw was found in the way Subversion handled file names with newline
characters when the FSFS repository format was used. An attacker with
commit access to an SVN repository could corrupt a revision by committing a
specially crafted file. (CVE-2013-1968)
A flaw was found in the way the svnserve tool of Subversion handled remote
client network connections. An attacker with read access to an SVN
repository served via svnserve could use this flaw to cause the svnserve
daemon to exit, leading to a denial of service. (CVE-2013-2112)
All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1388: cups security and bug fix update (Moderate)
Red Hat Enterprise Linux 6
CentOS Linux 6
cups
CUPS provides a portable printing layer for Linux, UNIX, and similar
operating systems.
A cross-site scripting (XSS) flaw was found in the CUPS web interface.
An attacker could use this flaw to perform a cross-site scripting attack
against users of the CUPS web interface. (CVE-2014-2856)
It was discovered that CUPS allowed certain users to create symbolic links
in certain directories under /var/cache/cups/. A local user with the 'lp'
group privileges could use this flaw to read the contents of arbitrary
files on the system or, potentially, escalate their privileges on the
system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)
The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat
Product Security.
These updated cups packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
changes.
All cups users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2013:1620 -- xorg-x11-server security and bug fix update (Low)
Red Hat Enterprise Linux 6
CentOS Linux 6
xorg-x11-server
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
A flaw was found in the way the X.org X11 server registered new hot plugged
devices. If a local user switched to a different session and plugged in a
new device, input from that device could become available in the previous
session, possibly leading to information disclosure. (CVE-2013-1940)
This issue was found by David Airlie and Peter Hutterer of Red Hat.
This update also fixes the following bugs:
* A previous upstream patch modified the Xephyr X server to be resizeable,
however, it did not enable the resize functionality by default. As a
consequence, X sandboxes were not resizeable on Red Hat Enterprise Linux
6.4 and later. This update enables the resize functionality by default so
that X sandboxes can now be resized as expected. (BZ#915202)
* In Red Hat Enterprise Linux 6, the X Security extension (XC-SECURITY)
has been disabled and replaced by X Access Control Extension (XACE).
However, XACE does not yet include functionality that was previously
available in XC-SECURITY. With this update, XC-SECURITY is enabled in the
xorg-x11-server spec file on Red Hat Enterprise Linux 6. (BZ#957298)
* Upstream code changes to extension initialization accidentally disabled
the GLX extension in Xvfb (the X virtual frame buffer), rendering headless
3D applications not functional. An upstream patch to this problem has been
backported so the GLX extension is enabled again, and applications relying
on this extension work as expected. (BZ#969538)
All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2013:1615 -- php security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6
CentOS Linux 6
php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)
A flaw was found in PHP's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. If an
attacker was able to get a carefully crafted certificate signed by a
trusted Certificate Authority, the attacker could use the certificate to
conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248)
It was found that the PHP SOAP parser allowed the expansion of external XML
entities during SOAP message parsing. A remote attacker could possibly use
this flaw to read arbitrary files that are accessible to a PHP application
using a SOAP extension. (CVE-2013-1643)
This update fixes the following bugs:
* Previously, when the allow_call_time_pass_reference setting was disabled,
a virtual host on the Apache server could terminate with a segmentation
fault when attempting to process certain PHP content. This bug has been
fixed and virtual hosts no longer crash when allow_call_time_pass_reference
is off. (BZ#892158, BZ#910466)
* Prior to this update, if an error occurred during the operation of the
fclose(), file_put_contents(), or copy() function, the function did not
report it. This could have led to data loss. With this update, the
aforementioned functions have been modified to properly report any errors.
(BZ#947429)
* The internal buffer for the SQLSTATE error code can store a maximum of 5
characters. Previously, when certain calls exceeded this limit, a buffer
overflow occurred. With this update, messages longer than 5 characters are
automatically replaced with the default "HY000" string, thus preventing the
overflow. (BZ#969110)
In addition, this update adds the following enhancement:
* This update adds the following rpm macros to the php package: %__php,
%php_inidir, %php_incldir. (BZ#953814)
Users of php are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement. After installing the updated packages,
the httpd daemon must be restarted for the update to take effect.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0520 -- dovecot security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
dovecot

Dovecot is an IMAP server, written with security primarily in mind, for
Linux and other UNIX-like systems. It also contains a small POP3 server. It
supports mail in either of maildir or mbox formats. The SQL drivers and
authentication plug-ins are provided as sub-packages.
Two flaws were found in the way some settings were enforced by the
script-login functionality of Dovecot. A remote, authenticated user could
use these flaws to bypass intended access restrictions or conduct a
directory traversal attack by leveraging login scripts. (CVE-2011-2166,
CVE-2011-2167)
A flaw was found in the way Dovecot performed remote server identity
verification, when it was configured to proxy IMAP and POP3 connections to
remote hosts using TLS/SSL protocols. A remote attacker could use this flaw
to conduct man-in-the-middle attacks using an X.509 certificate issued by
a trusted Certificate Authority (for a different name). (CVE-2011-4318)
This update also fixes the following bug:
* When a new user first accessed their IMAP inbox, Dovecot was, under some
circumstances, unable to change the group ownership of the inbox directory
in the user's Maildir location to match that of the user's mail spool
(/var/mail/$USER). This correctly generated an "Internal error occurred"
message. However, with a subsequent attempt to access the inbox, Dovecot
saw that the directory already existed and proceeded with its operation,
leaving the directory with incorrectly set permissions. This update
corrects the underlying permissions setting error. When a new user now
accesses their inbox for the first time, and it is not possible to set
group ownership, Dovecot removes the created directory and generates an
error message instead of keeping the directory with incorrect group
ownership. (BZ#697620)
Users of dovecot are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the dovecot service will be restarted automatically.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1636: java-1.8.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.8.0-openjdk

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.
It was discovered that the Libraries component in OpenJDK failed to
properly handle ZIP archives that contain entries with a NUL byte used in
the file names. An untrusted Java application or applet could use this flaw
to bypass Java sandbox restrictions. (CVE-2014-6562)
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)
It was discovered that the Hotspot component in OpenJDK failed to properly
handle malformed Shared Archive files. A local attacker able to modify a
Shared Archive file used by a virtual machine of a different user could
possibly use this flaw to escalate their privileges. (CVE-2014-6468)
It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)
It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)
It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)
The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product
Security.
All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1569 -- wireshark security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
wireshark

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1507: trousers security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
trousers

TrouSerS is an implementation of the Trusted Computing Group's Software
Stack (TSS) specification. You can use TrouSerS to write applications that
make use of your TPM hardware. TPM hardware can create, store and use RSA
keys securely (without ever being exposed in memory), verify a platform's
software state using cryptographic hashes and more.
A flaw was found in the way tcsd, the daemon that manages Trusted Computing
resources, processed incoming TCP packets. A remote attacker could send a
specially crafted TCP packet that, when processed by tcsd, could cause the
daemon to crash. Note that by default tcsd accepts requests on localhost
only. (CVE-2012-0698)
Red Hat would like to thank Andrew Lutomirski for reporting this issue.
The trousers package has been upgraded to upstream version 0.3.13, which
provides a number of bug fixes and enhancements over the previous version,
including corrected internal symbol names to avoid collisions with other
applications, fixed memory leaks, added IPv6 support, fixed buffer handling
in tcsd, as well as changed the license to BSD. (BZ#633584, BZ#1074634)
All trousers users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1389: krb5 security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
krb5

Kerberos is a networked authentication system which allows clients and
servers to authenticate to each other with the help of a trusted third
party, the Kerberos KDC.
It was found that if a KDC served multiple realms, certain requests could
cause the setup_server_realm() function to dereference a NULL pointer.
A remote, unauthenticated attacker could use this flaw to crash the KDC
using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker could
use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)
A buffer overflow was found in the KADM5 administration server (kadmind)
when it was used with an LDAP back end for the KDC database. A remote,
authenticated attacker could potentially use this flaw to execute arbitrary
code on the system running kadmind. (CVE-2014-4345)
Two buffer over-read flaws were found in the way MIT Kerberos handled
certain requests. A remote, unauthenticated attacker who is able to inject
packets into a client or server application's GSSAPI session could use
either of these flaws to crash the application. (CVE-2014-4341,
CVE-2014-4342)
A double-free flaw was found in the MIT Kerberos SPNEGO initiators.
An attacker able to spoof packets to appear as though they are from a
GSSAPI acceptor could use this flaw to crash a client application that uses
MIT Kerberos. (CVE-2014-4343)
These updated krb5 packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
changes.
All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1537 -- augeas security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
augeas

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1635: firefox security update (Critical)
Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576,
CVE-2014-1577)
A flaw was found in the Alarm API, which allows applications to schedule
actions to be run in the future. A malicious web application could use this
flaw to bypass cross-origin restrictions. (CVE-2014-1583)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron
Campen, Jon Coppeard, Atte Kettunen, Holger Fuhrmannek, Abhishek Arya,
regenrecht, and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.2.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.2.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1676 -- wireshark security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
wireshark

Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.
Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,
CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)
All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Wireshark must be restarted for the update to take effect.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1652: openssl security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
openssl

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.
For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1232123
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
Real-time Transport Protocol (SRTP) extension data. A remote attacker could
send multiple specially crafted handshake messages to exhaust all available
memory of an SSL/TLS or DTLS server. (CVE-2014-3513)
A memory leak flaw was found in the way OpenSSL handled failed session
ticket integrity checks. A remote attacker could exhaust all available
memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server. (CVE-2014-3567)
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to mitigate the CVE-2014-3566 issue and correct
the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,
all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1193: axis security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
axis

Apache Axis is an implementation of SOAP (Simple Object Access Protocol).
It can be used to build both web service clients and servers.
It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)
For additional information on this flaw, refer to the Knowledgebase article
in the References section.
This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.
All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using Apache
Axis must be restarted for this update to take effect.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1671 -- rsyslog5 and rsyslog security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
rsyslog, rsyslog5

The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.
A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon. (CVE-2014-3634)
Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.
All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, the rsyslog service will be restarted automatically.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1552: openssh security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
openssh

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.
It was discovered that OpenSSH clients did not correctly verify DNS SSHFP
records. A malicious server could use this flaw to force a connecting
client to skip the DNS SSHFP record check and require the user to perform
manual host verification of the DNS SSHFP record. (CVE-2014-2653)
It was found that OpenSSH did not properly handle certain AcceptEnv
parameter values with wildcard characters. A remote attacker could use this
flaw to bypass intended environment variable restrictions. (CVE-2014-2532)
This update also fixes the following bugs:
* Based on the SP800-131A information security standard, the generation of
a digital signature using the Digital Signature Algorithm (DSA) with the
key size of 1024 bits and RSA with the key size of less than 2048 bits is
disallowed after the year 2013. After this update, ssh-keygen no longer
generates keys with less than 2048 bits in FIPS mode. However, the sshd
service accepts keys of size 1024 bits as well as larger keys for
compatibility reasons. (BZ#993580)
* Previously, the openssh utility incorrectly set the oom_adj value to -17
for all of its children processes. This behavior was incorrect because the
children processes were supposed to have this value set to 0. This update
applies a patch to fix this bug and oom_adj is now properly set to 0 for
all children processes as expected. (BZ#1010429)
* Previously, if the sshd service failed to verify the checksum of an
installed FIPS module using the fipscheck library, the information about
this failure was only provided at the standard error output of sshd. As a
consequence, the user could not notice this message and be uninformed when
a system had not been properly configured for FIPS mode. To fix this bug,
this behavior has been changed and sshd now sends such messages via the
syslog service. (BZ#1020803)
* When keys provided by the pkcs11 library were removed from the ssh agent
using the "ssh-add -e" command, the user was prompted to enter a PIN.
With this update, a patch has been applied to allow the user to remove the
keys provided by pkcs11 without the PIN. (BZ#1042519)
In addition, this update adds the following enhancements:
* With this update, ControlPersist has been added to OpenSSH. The option in
conjunction with the ControlMaster configuration directive specifies that
the master connection remains open in the background after the initial
client connection has been closed. (BZ#953088)
* When the sshd daemon is configured to force the internal SFTP session,
and the user attempts to use a connection other than SFTP, the appropriate
message is logged to the /var/log/secure file. (BZ#997377)
* Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and
host user keys (ECDSA) as specified by RFC5656 has been added to the
openssh packages. However, they are not enabled by default and the user has
to enable them manually. For more information on how to configure ECDSA and
ECDH with OpenSSH, see: https://access.redhat.com/solutions/711953
(BZ#1028335)
All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1167: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel

The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's futex subsystem handled
reference counting when requeuing futexes during futex_wait(). A local,
unprivileged user could use this flaw to zero out the reference counter of
an inode or an mm struct that backs up the memory area of the futex, which
could lead to a use-after-free flaw, resulting in a system crash or,
potentially, privilege escalation. (CVE-2014-0205, Important)
* A NULL pointer dereference flaw was found in the way the Linux kernel's
networking implementation handled logging while processing certain invalid
packets coming in via a VxLAN interface. A remote attacker could use this
flaw to crash the system by sending a specially crafted packet to such an
interface. (CVE-2014-3535, Important)
* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)
* An integer underflow flaw was found in the way the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation processed certain
COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote
attacker could use this flaw to prevent legitimate connections to a
particular SCTP server socket from being made. (CVE-2014-4667, Moderate)
Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks
for reporting CVE-2014-4667. The security impact of the CVE-2014-0205 issue
was discovered by Mateusz Guzik of Red Hat.
This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1654: rsyslog7 security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
rsyslog7

The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.
A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)
Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.
All rsyslog7 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the rsyslog service will be restarted automatically.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libX11, libXcursor, libXext, libXfixes, libXi, libXinerama, libXp, libXrandr, libXrender, libXres, libXt, libXtst, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, libxcb, xcb-proto, xkeyboard-config, xorg-x11-proto-devel, xorg-x11-xtrans-devel

The X11 (Xorg) libraries provide library routines that are used within all
X Window applications.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way various X11 client libraries handled certain protocol
data. An attacker able to submit invalid protocol data to an X11 server via
a malicious X11 client could use either of these flaws to potentially
escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982,
CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987,
CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003,
CVE-2013-2062, CVE-2013-2064)
Multiple array index errors, leading to heap-based buffer out-of-bounds
write flaws, were found in the way various X11 client libraries handled
data returned from an X11 server. A malicious X11 server could possibly use
this flaw to execute arbitrary code with the privileges of the user running
an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000,
CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)
A buffer overflow flaw was found in the way the XListInputDevices()
function of X.Org X11's libXi runtime library handled signed numbers.
A malicious X11 server could possibly use this flaw to execute arbitrary
code with the privileges of the user running an X11 client. (CVE-2013-1995)
A flaw was found in the way the X.Org X11 libXt runtime library used
uninitialized pointers. A malicious X11 server could possibly use this flaw
to execute arbitrary code with the privileges of the user running an X11
client. (CVE-2013-2005)
Two stack-based buffer overflow flaws were found in the way libX11, the
Core X11 protocol client library, processed certain user-specified files.
A malicious X11 server could possibly use this flaw to crash an X11 client
via a specially crafted file. (CVE-2013-2004)
The xkeyboard-config package has been upgraded to upstream version 2.11,
which provides a number of bug fixes and enhancements over the previous
version. (BZ#1077471)
This update also fixes the following bugs:
* Previously, updating the mesa-libGL package did not update the libX11
package, although it was listed as a dependency of mesa-libGL. This bug has
been fixed and updating mesa-libGL now updates all dependent packages as
expected. (BZ#1054614)
* Previously, closing a customer application could occasionally cause the X
Server to terminate unexpectedly. After this update, the X Server no longer
hangs when a user closes a customer application. (BZ#971626)
All X11 client libraries users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1307: nss security update (Important)
Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 7, CentOS Linux 6, CentOS Linux 5

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)
input from certain RSA signatures. A remote attacker could use this flaw to
forge RSA certificates by providing a specially crafted signature to an
application using NSS. (CVE-2014-1568)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security
Incident Response Team as the original reporters.
All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, applications using NSS must be restarted for this update to
take effect.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1148: squid security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
squid

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: RHSA-2013:1605 -- glibc security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
glibc

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in glibc's memory allocator functions (pvalloc, valloc, and
memalign). If an application used such a function, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2013-4332)
A flaw was found in the regular expression matching routines that process
multibyte character input. If an application utilized the glibc regular
expression matching mechanism, an attacker could provide specially-crafted
input that, when processed, would cause the application to crash.
(CVE-2013-0242)
It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-1914)
Among other changes, this update includes an important fix for the following
bug:
* Due to a defect in the initial release of the getaddrinfo() system call in Red
Hat Enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the
/etc/hosts file returned queried names as canonical names. This incorrect
behavior is, however, still considered to be the expected behavior. As a result
of a recent change in getaddrinfo(), AF_INET6 queries started resolving the
canonical names correctly. However, this behavior was unexpected by applications
that relied on queries resolved from the /etc/hosts file, and these applications
could thus fail to operate properly. This update applies a fix ensuring that
AF_INET6 queries resolved from /etc/hosts always return the queried name as
canonical. Note that DNS lookups are resolved properly and always return the
correct canonical names. A proper fix to AF_INET6 queries resolution from
/etc/hosts may be applied in future releases; for now, due to a lack of
standard, Red Hat suggests the first entry in the /etc/hosts file, that applies
for the IP address being resolved, to be considered the canonical entry.
(BZ#1022022)
These updated glibc packages also include additional bug fixes and
various enhancements. Space precludes documenting all of these changes
in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5
Technical Notes, linked to in the References, for information on the
most significant of these changes.
All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, DEPRECATED, DEPRECATED

RHSA-2014:1075: qemu-kvm security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1635 -- pacemaker security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
pacemaker

Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1391: glibc security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
glibc

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
An out-of-bounds write flaw was found in the way glibc's readdir_r()
function handled file system entries longer than the NAME_MAX character
constant. A remote attacker could provide a specially crafted NTFS or CIFS
file system that, when processed by an application using readdir_r(), would
cause that application to crash or, potentially, allow the attacker to
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-4237)
It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-4458)
These updated glibc packages also include several bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical
Notes, linked to in the References section, for information on the most
significant of these changes.
All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1306: bash security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
bash
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)
Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. For more information see the Knowledgebase article at
https://access.redhat.com/articles/1200223
Note: Docker users are advised to use "yum update" within their containers,
and to commit the resulting changes.
For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1144: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1145: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1293: bash security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
bash
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)
For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223
Red Hat would like to thank Stephane Chazelas for reporting this issue.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1166: jakarta-commons-httpclient security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
jakarta-commons-httpclient
Jakarta Commons HTTPClient implements the client side of HTTP standards.
It was discovered that the HTTPClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)
For additional information on this flaw, refer to the Knowledgebase
article in the References section.
All jakarta-commons-httpclient users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1172: procmail security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
procmail
The procmail program is used for local mail delivery. In addition to just
delivering mail, procmail can be used for automatic filtering, presorting,
and other mail handling jobs.
A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
All procmail users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1052: openssl security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
A race condition was found in the way OpenSSL handled ServerHello messages
with an included Supported EC Point Format extension. A malicious server
could possibly use this flaw to cause a multi-threaded TLS/SSL client using
OpenSSL to write into freed memory, causing the client to crash or execute
arbitrary code. (CVE-2014-3509)
It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)
A flaw was found in the way OpenSSL handled fragmented handshake packets.
A man-in-the-middle attacker could use this flaw to force a TLS/SSL server
using OpenSSL to use TLS 1.0, even if both the client and the server
supported newer protocol versions. (CVE-2014-3511)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client
using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,
CVE-2014-3506, CVE-2014-3507)
A NULL pointer dereference flaw was found in the way OpenSSL performed a
handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
malicious server could cause a DTLS client using OpenSSL to crash if that
client had anonymous DH cipher suites enabled. (CVE-2014-3510)
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1031: 389-ds-base security update (Important)
Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, CentOS Linux 6, CentOS Linux 7
389-ds-base
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.
It was found that when replication was enabled for each attribute in 389
Directory Server, which is the default configuration, the server returned
replicated metadata when the directory was searched while debugging was
enabled. A remote attacker could use this flaw to disclose potentially
sensitive information. (CVE-2014-3562)
This issue was discovered by Ludwig Krispenz of Red Hat.
All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1390: luci security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
luci
Luci is a web-based high availability administration application.
It was discovered that luci used eval() on inputs containing strings from
the cluster configuration file when generating its web pages. An attacker
with privileges to create or edit the cluster configuration could use this
flaw to execute arbitrary code as the luci user on a host running luci.
(CVE-2014-3593)
This issue was discovered by Jan Pokorný of Red Hat.
These updated luci packages also include several bug fixes and multiple
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical
Notes, linked to in the References section, for information on the most
significant of these changes.
All luci users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1110: glibc security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
glibc
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1038: tomcat6 security update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
tomcat6
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was found that several application-provided XML files, such as web.xml,
content.xml, *.tld, *.tagx, and *.jspx, resolved external entities,
permitting XML External Entity (XXE) attacks. An attacker able to deploy
malicious applications to Tomcat could use this flaw to circumvent security
restrictions set by the JSM, and gain access to sensitive information on
the system. Note that this flaw only affected deployments in which Tomcat
is running applications from untrusted sources, such as in a shared hosting
environment. (CVE-2013-4590)
It was found that, in certain circumstances, it was possible for a
malicious web application to replace the XML parsers used by Apache Tomcat
to process XSLTs for the default servlet, JSP documents, tag library
descriptors (TLDs), and tag plug-in configuration files. The injected XML
parser(s) could then bypass the limits imposed on XML external entities
and/or gain access to the XML files processed for other web applications
deployed on the same Apache Tomcat instance. (CVE-2014-0119)
All Tomcat users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1009: samba4 security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
samba4
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A heap-based buffer overflow flaw was found in Samba's NetBIOS message
block daemon (nmbd). An attacker on the local network could use this flaw
to send specially crafted packets that, when processed by nmbd, could
possibly lead to arbitrary code execution with root privileges.
(CVE-2014-3560)
All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1012: php53 and php security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
php53, php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.
Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)
Two denial of service flaws were found in the way the File Information
(fileinfo) extension handled indirect and search rules. A remote attacker
could use either of these flaws to cause a PHP application using fileinfo
to crash or consume an excessive amount of CPU. (CVE-2014-1943,
CVE-2014-2270)
A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)
A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)
A buffer over-read flaw was found in the way the DateInterval class parsed
interval specifications. An attacker able to make a PHP application parse a
specially crafted specification using DateInterval could possibly cause the
PHP interpreter to crash. (CVE-2013-6712)
A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)
The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues
were discovered by Francisco Alonso of Red Hat Product Security.
All php53 and php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013-1605: glibc security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
glibc
Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Alexander Leonov, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1732: busybox security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
busybox
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
Maria Mikhno, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
openssh
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field.
NOTE: there may be limited scenarios in which this issue is relevant.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Alexander Leonov, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013-1701: sudo security, bug fix and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
sssd
An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1645: Red Hat Enterprise Linux 6 kernel update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1543: samba4 security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
samba4
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1652: coreutils security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
coreutils
Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0981: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A use-after-free flaw was found in the way the ping_init_sock() function
of the Linux kernel handled the group_info reference counter. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-2851, Important)
* A NULL pointer dereference flaw was found in the way the
futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes.
A local, unprivileged user could use this flaw to crash the system.
(CVE-2012-6647, Moderate)
* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2013-7339, Moderate)
* It was found that a remote attacker could use a race condition flaw in
the ath_tx_aggr_sleep() function to crash the system by creating large
network traffic on the system's Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)
* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-2678, Moderate)
* A race condition flaw was found in the way the Linux kernel's mac80211
subsystem implementation handled synchronization between TX and STA wake-up
code paths. A remote attacker could use this flaw to crash the system.
(CVE-2014-2706, Moderate)
* An out-of-bounds memory access flaw was found in the Netlink Attribute
extension of the Berkeley Packet Filter (BPF) interpreter functionality in
the Linux kernel's networking implementation. A local, unprivileged user
could use this flaw to crash the system or leak kernel memory to user space
via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,
Moderate)
This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013-1542: samba security, bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
samba
These updated samba packages include numerous bug fixes and one element.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0920: httpd security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
httpd
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.
A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the "apache" user. (CVE-2014-0226)
A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the "DEFLATE" input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system. (CVE-2014-0118)
A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely. (CVE-2014-0231)
All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: RHSA-2014:0861: lzo security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
lzo
LZO is a portable lossless data compression library written in ANSI C.
An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to crash
or, potentially, execute arbitrary code. (CVE-2014-4607)
Red Hat would like to thank Don A. Bailey from Lab Mouse Security for
reporting this issue.
All lzo users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the lzo library must be restarted or the
system rebooted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, DEPRECATED, DEPRECATED

RHSA-2014:0924: kernel security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* It was found that the Linux kernel's ptrace subsystem allowed a traced
process' instruction pointer to be set to a non-canonical memory address
without forcing the non-sysret code path when returning to user space.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-4699,
Important)
Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
* A flaw was found in the way the pppol2tp_setsockopt() and
pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP
implementation handled requests with a non-SOL_PPPOL2TP socket option
level. A local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-4943, Important)
Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,
and Sasha Levin for reporting CVE-2014-4943.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
This update also fixes the following bug:
* Prior to this update, an application accessing an unsynchronized HashMap
could potentially enter an infinite loop and consume an excessive amount of
CPU resources. This update resolves this issue. (BZ#1115580)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0866: samba and samba3x security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)
It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)
Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-3493.
The Samba project acknowledges Simon Arlott as the original reporter of
CVE-2014-3493.
All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0919: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro
Beekman, Patrick Cozzi, and Mozilla community member John as the original
reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.7.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.7.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0861: lzo security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
lzo
LZO is a portable lossless data compression library written in ANSI C.
An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to crash
or, potentially, execute arbitrary code. (CVE-2014-4607)
Red Hat would like to thank Don A. Bailey from Lab Mouse Security for
reporting this issue.
All lzo users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the lzo library must be restarted or the
system rebooted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0788: mod_wsgi security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
mod_wsgi
The mod_wsgi adapter is an Apache module that provides a WSGI-compliant
interface for hosting Python-based web applications within Apache.
It was found that mod_wsgi did not properly drop privileges if the call to
setuid() failed. If mod_wsgi was set up to allow unprivileged users to run
WSGI applications, a local user able to run a WSGI application could
possibly use this flaw to escalate their privileges on the system.
(CVE-2014-0240)
Note: mod_wsgi is not intended to provide privilege separation for WSGI
applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different solution
with proper privilege separation.
It was discovered that mod_wsgi could leak memory of a hosted web
application via the "Content-Type" header. A remote attacker could possibly
use this flaw to disclose limited portions of the web application's memory.
(CVE-2014-0242)
Red Hat would like to thank Graham Dumpleton for reporting these issues.
Upstream acknowledges Róbert Kisteleki as the original reporter of
CVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242.
All mod_wsgi users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0790: dovecot security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
dovecot
Dovecot is an IMAP server, written with security primarily in mind, for
Linux and other UNIX-like systems. It also contains a small POP3 server.
It supports mail in both the maildir or mbox format. The SQL drivers and
authentication plug-ins are provided as subpackages.
It was discovered that Dovecot did not properly discard connections trapped
in the SSL/TLS handshake phase. A remote attacker could use this flaw to
cause a denial of service on an IMAP/POP3 server by exhausting the pool of
available connections and preventing further, legitimate connections to the
IMAP/POP3 server to be made. (CVE-2014-3430)
All dovecot users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the dovecot service will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, Maria Mikhno, ACCEPTED, ACCEPTED

RHSA-2014:0743: qemu-kvm security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.
Multiple buffer overflow, input validation, and out-of-bounds write flaws
were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers
of QEMU handled state loading after migration. A user able to alter the
savevm data (either on the disk or over the wire during migration) could
use any of these flaws to corrupt QEMU process memory on the
(destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541,
CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)
An out-of-bounds memory access flaw was found in the way QEMU's IDE device
driver handled the execution of SMART EXECUTE OFFLINE commands.
A privileged guest user could use this flaw to corrupt QEMU process memory
on the host, which could potentially result in arbitrary code execution on
the host with the privileges of the QEMU process. (CVE-2014-2894)
The CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536,
CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and
CVE-2014-3461 issues were discovered by Michael S. Tsirkin of Red Hat,
Anthony Liguori, and Michael Roth.
This update also fixes the following bugs:
* Previously, under certain circumstances, libvirt failed to start guests
which used a non-zero PCI domain and SR-IOV Virtual Functions (VFs), and
returned the following error message:
Can't assign device inside non-zero PCI segment as this KVM module doesn't
support it.
This update fixes this issue and guests using the aforementioned
configuration no longer fail to start. (BZ#1099941)
* Due to an incorrect initialization of the cpus_sts bitmap, which holds
the enablement status of a vCPU, libvirt could fail to start a guest with
an unusual vCPU topology (for example, a guest with three cores and two
sockets). With this update, the initialization of cpus_sts has been
corrected, and libvirt no longer fails to start the aforementioned guests.
(BZ#1100575)
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0917: nss and nspr security, bug fix, and enhancement update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
nspr, nss, nss-util
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)
A flaw was found in the way TLS False Start was implemented in NSS.
An attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)
A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to crash
an application using NSS or, in rare cases, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1490)
It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)
An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or, possibly,
execute arbitrary code with the privileges of the user running that
application. This NSPR flaw was not exposed to web content in any shipped
version of Firefox. (CVE-2014-1545)
It was found that the implementation of Internationalizing Domain Names in
Applications (IDNA) hostname matching in NSS did not follow the RFC 6125
recommendations. This could lead to certain invalid certificates with
international characters being accepted as valid. (CVE-2014-1492)
Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues.
Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the
original reporters of CVE-2014-1544, Brian Smith as the original reporter
of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the
original reporters of CVE-2014-1491, and Abhishek Arya as the original
reporter of CVE-2014-1545.
In addition, the nss package has been upgraded to upstream version 3.16.1,
and the nspr package has been upgraded to upstream version 4.10.6. These
updated packages provide a number of bug fixes and enhancements over the
previous versions. (BZ#1112136, BZ#1112135)
Users of NSS and NSPR are advised to upgrade to these updated packages,
which correct these issues and add these enhancements. After installing
this update, applications using NSS or NSPR must be restarted for this
update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: RHSA-2014:0866: samba and samba3x security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)
It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)
Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-3493.
The Samba project acknowledges Simon Arlott as the original reporter of
CVE-2014-3493.
All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, DEPRECATED, DEPRECATED

DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
tomcat6
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)
It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.
This update also fixes the following bugs:
* The patch that resolved the CVE-2014-0050 issue contained redundant code.
This update removes the redundant code. (BZ#1094528)
* The patch that resolved the CVE-2013-4322 issue contained an invalid
check that triggered a java.io.EOFException while reading trailer headers
for chunked requests. This update fixes the check and the aforementioned
exception is no longer triggered in the described scenario. (BZ#1095602)
All Tomcat 6 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, DEPRECATED, DEPRECATED

RHSA-2014:0771: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's futex subsystem handled
the requeuing of certain Priority Inheritance (PI) futexes. A local,
unprivileged user could use this flaw to escalate their privileges on the
system. (CVE-2014-3153, Important)
* A flaw was found in the way the Linux kernel's floppy driver handled user
space provided data in certain error code paths while processing FDRAWCMD
IOCTL commands. A local user with write access to /dev/fdX could use this
flaw to free (using the kfree() function) arbitrary kernel memory.
(CVE-2014-1737, Important)
* It was found that the Linux kernel's floppy driver leaked internal kernel
memory addresses to user space during the processing of the FDRAWCMD IOCTL
command. A local user with write access to /dev/fdX could use this flaw to
obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)
Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.
* It was discovered that the proc_ns_follow_link() function did not
properly return the LAST_BIND value in the last pathname component as is
expected for procfs symbolic links, which could lead to excessive freeing
of memory and consequent slab corruption. A local, unprivileged user could
use this flaw to crash the system. (CVE-2014-0203, Moderate)
* A flaw was found in the way the Linux kernel handled exceptions when
user-space applications attempted to use the linkage stack. On IBM S/390
systems, a local, unprivileged user could use this flaw to crash the
system. (CVE-2014-2039, Moderate)
* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
write to a file that is provided by the libertas driver and located on the
debug file system (debugfs) could use this flaw to crash the system. Note:
The debugfs file system must be mounted locally to exploit this issue.
It is not mounted by default. (CVE-2013-6378, Low)
* A denial of service flaw was discovered in the way the Linux kernel's
SELinux implementation handled files with an empty SELinux security
context. A local user who has the CAP_MAC_ADMIN capability could use this
flaw to crash the system. (CVE-2014-1874, Low)
Red Hat would like to thank Kees Cook of Google for reporting
CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738,
and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google
acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.
This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0625: openssl security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0560: libvirt security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libvirt
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.
It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML
documents using the libxml2 library, in which case all XML entities in the
parsed documents are expanded. A user able to force libvirtd to parse an
XML document with an entity pointing to a special file that blocks on read
access could use this flaw to cause libvirtd to hang indefinitely,
resulting in a denial of service on the system. (CVE-2014-0179)
Red Hat would like to thank the upstream Libvirt project for reporting this
issue. Upstream acknowledges Daniel P. Berrange and Richard Jones as the
original reporters.
This update also fixes the following bugs:
* When hot unplugging a virtual CPU (vCPU), libvirt kept a pointer to
already freed memory if the vCPU was pinned to a host CPU. Consequently,
when reading the CPU pinning information, libvirt terminated unexpectedly
due to an attempt to access this memory. This update ensures that libvirt
releases the pointer to the previously allocated memory when a vCPU is
being hot unplugged, and it no longer crashes in this situation.
(BZ#1091206)
* Previously, libvirt passed an incorrect argument to the "tc" command when
setting quality of service (QoS) on a network interface controller (NIC).
As a consequence, QoS was applied only to IP traffic. With this update,
libvirt constructs the "tc" command correctly so that QoS is applied to all
traffic as expected. (BZ#1096806)
* When using the sanlock daemon for managing access to shared storage,
libvirt expected all QEMU domains to be registered with sanlock. However,
if a QEMU domain was started prior to enabling sanlock, the domain was not
registered with sanlock. Consequently, migration of a virtual machine (VM)
from such a QEMU domain failed with a libvirt error. With this update,
libvirt verifies whether a QEMU domain process is registered with sanlock
before it starts working with the domain, ensuring that migration of
virtual machines works as expected. (BZ#1097227)
All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
tomcat6
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)
It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.
This update also fixes the following bugs:
* The patch that resolved the CVE-2014-0050 issue contained redundant code.
This update removes the redundant code. (BZ#1094528)
* The patch that resolved the CVE-2013-4322 issue contained an invalid
check that triggered a java.io.EOFException while reading trailer headers
for chunked requests. This update fixes the check and the aforementioned
exception is no longer triggered in the described scenario. (BZ#1095602)
All Tomcat 6 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0448: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox
Mozilla Firefox is an open source web browser.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)
A use-after-free flaw was found in the way Firefox resolved hosts in
certain circumstances. An attacker could use this flaw to crash Firefox or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1532)
An out-of-bounds read flaw was found in the way Firefox decoded JPEG
images. Loading a web page containing a specially crafted JPEG image could
cause Firefox to crash. (CVE-2014-1523)
A flaw was found in the way Firefox handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse
Schwartzentruber as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to this updated package, which contains
Firefox version 24.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0449: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)
A use-after-free flaw was found in the way Thunderbird resolved hosts in
certain circumstances. An attacker could use this flaw to crash Thunderbird
or, potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2014-1532)
An out-of-bounds read flaw was found in the way Thunderbird decoded JPEG
images. Loading an email or a web page containing a specially crafted JPEG
image could cause Thunderbird to crash. (CVE-2014-1523)
A flaw was found in the way Thunderbird handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse
Schwartzentruber as the original reporters of these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.5.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.5.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0918: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro
Beekman, Patrick Cozzi, and Mozilla community member John as the original
reporters of these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.7.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.7.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0561: curl security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
curl
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.
It was found that libcurl could incorrectly reuse existing connections for
requests that should have used different or no authentication credentials,
when using one of the following protocols: HTTP(S) with NTLM
authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl
library connected to a remote server with certain authentication
credentials, this flaw could cause other requests to use those same
credentials. (CVE-2014-0015, CVE-2014-0138)
Red Hat would like to thank the cURL project for reporting these issues.
Upstream acknowledges Paras Sethia as the original reporter of
CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of
this issue, and Steve Holme as the original reporter of CVE-2014-0138.
This update also fixes the following bugs:
* Previously, the libcurl library was closing a network socket without
first terminating the SSL connection using the socket. This resulted in a
write after close and consequent leakage of memory dynamically allocated by
the SSL library. An upstream patch has been applied on libcurl to fix this
bug. As a result, the write after close no longer happens, and the SSL
library no longer leaks memory. (BZ#1092479)
* Previously, the libcurl library did not implement a non-blocking SSL
handshake, which negatively affected performance of applications based on
libcurl's multi API. To fix this bug, the non-blocking SSL handshake has
been implemented by libcurl. With this update, libcurl's multi API
immediately returns the control back to the application whenever it cannot
read/write data from/to the underlying network socket. (BZ#1092480)
* Previously, the curl package could not be rebuilt from sources due to an
expired cookie in the upstream test-suite, which runs during the build. An
upstream patch has been applied to postpone the expiration date of the
cookie, which makes it possible to rebuild the package from sources again.
(BZ#1092486)
* Previously, the libcurl library attempted to authenticate using Kerberos
whenever such an authentication method was offered by the server. This
caused problems when the server offered multiple authentication methods and
Kerberos was not the selected one. An upstream patch has been applied on
libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication
if another authentication method is selected. (BZ#1096797)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications that use libcurl have to be restarted for this update to
take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0747: python-jinja2 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
python-jinja2
Jinja2 is a template engine written in pure Python. It provides a
Django-inspired, non-XML syntax but supports inline expressions and an
optional sandboxed environment.
It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system's temporary directory. A local attacker could use this
flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)
All python-jinja2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. For the update to
take effect, all applications using python-jinja2 must be restarted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0376: openssl security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
An information disclosure flaw was found in the way OpenSSL handled TLS and
DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server
could send a specially crafted TLS or DTLS Heartbeat packet to disclose a
limited portion of memory per request from a connected client or server.
Note that the disclosed portions of memory could potentially include
sensitive information such as private keys. (CVE-2014-0160)
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Neel Mehta of Google Security as the original
reporter.
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0742: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.6.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.6.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, DEPRECATED, DEPRECATED

RHSA-2014:0475: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's netfilter connection
tracking implementation for Datagram Congestion Control Protocol (DCCP)
packets used the skb_header_pointer() function. A remote attacker could use
this flaw to send a specially crafted DCCP packet to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2523,
Important)
* A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)
* A flaw was found in the way the handle_rx() function handled large
network packets when mergeable buffers were disabled. A privileged guest
user could use this flaw to crash the host or corrupt QEMU process memory
on the host, which could potentially result in arbitrary code execution on
the host with the privileges of the QEMU process. (CVE-2014-0077, Moderate)
The CVE-2014-0077 issue was discovered by Michael S. Tsirkin of Red Hat.
This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0595: gnutls security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
gnutls
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).
A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)
Red Hat would like to thank GnuTLS upstream for reporting this issue.
Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original
reporter.
Users of GnuTLS are advised to upgrade to these updated packages, which
correct this issue. For the update to take effect, all applications linked
to the GnuTLS library must be restarted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0597: squid security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
squid
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.
A denial of service flaw was found in the way Squid processed certain HTTPS
requests when the SSL Bump feature was enabled. A remote attacker could
send specially crafted requests that could cause Squid to crash.
(CVE-2014-0128)
Red Hat would like to thank the Squid project for reporting this issue.
Upstream acknowledges Mathias Fischer and Fabian Hugelshofer from Open
Systems AG as the original reporters.
All squid users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the squid service will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0429: tomcat6 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
tomcat6
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was found that when Tomcat processed a series of HTTP requests in which
at least one request contained either multiple content-length headers, or
one content-length header with a chunked transfer-encoding header, Tomcat
would incorrectly handle the request. A remote attacker could use this flaw
to poison a web cache, perform cross-site scripting (XSS) attacks, or
obtain sensitive information from other requests. (CVE-2013-4286)
It was discovered that the fix for CVE-2012-3544 did not properly resolve a
denial of service flaw in the way Tomcat processed chunk extensions and
trailing headers in chunked requests. A remote attacker could use this flaw
to send an excessively long request that, when processed by Tomcat, could
consume network bandwidth, CPU, and memory on the Tomcat server. Note that
chunked transfer encoding is enabled by default. (CVE-2013-4322)
A denial of service flaw was found in the way Apache Commons FileUpload
handled small-sized buffers used by MultipartStream. A remote attacker
could use this flaw to create a malformed Content-Type header for a
multipart request, causing JBoss Web to enter an infinite loop when
processing such an incoming request. (CVE-2014-0050)
All Tomcat users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
This update also fixes the following bug:
* The OpenJDK update to IcedTea version 1.13 introduced a regression
related to the handling of the jdk_version_info variable. This variable was
not properly zeroed out before being passed to the Java Virtual Machine,
resulting in a memory leak in the java.lang.ref.Finalizer class.
This update fixes this issue, and memory leaks no longer occur.
(BZ#1085373)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0513: libxml2 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libxml2
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
It was discovered that libxml2 loaded external parameter entities even when
entity substitution was disabled. A remote attacker able to provide a
specially crafted XML file to an application linked against libxml2 could
use this flaw to conduct XML External Entity (XXE) attacks, possibly
resulting in a denial of service or an information leak on the system.
(CVE-2014-0191)
An out-of-bounds read flaw was found in the way libxml2 detected the end of
an XML file. A remote attacker could provide a specially crafted XML file
that, when processed by an application linked against libxml2, could cause
the application to crash. (CVE-2013-2877)
The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.
All libxml2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0348: xalan-j2 security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
xalan-j2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0292: 389-ds-base security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
389-ds-base
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.
It was discovered that the 389 Directory Server did not properly handle
certain SASL-based authentication mechanisms. A user able to authenticate
to the directory using these SASL mechanisms could connect as any other
directory user, including the administrative Directory Manager account.
This could allow them to modify configuration values, as well as read and
write any data the directory holds. (CVE-2014-0132)
All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.
Sergey Artykhov, DRAFT, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

ELSA-2014:0376: openssl security update (Important)
Oracle Linux 6, CentOS Linux 6
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
An information disclosure flaw was found in the way OpenSSL handled TLS and
DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server
could send a specially crafted TLS or DTLS Heartbeat packet to disclose a
limited portion of memory per request from a connected client or server.
Note that the disclosed portions of memory could potentially include
sensitive information such as private keys. (CVE-2014-0160)
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Neel Mehta of Google Security as the original
reporter.
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Chandan M C, DRAFT, Chandan M C, Chandan M C, INTERIM, Maria Mikhno, ACCEPTED, Prashant Kumar, INTERIM, ACCEPTED, ACCEPTED

Oracle Linux 6.x
Oracle Linux 6
The operating system installed on the system is Oracle Linux 6.x
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Chandan M C, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0304: mutt security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
mutt
Mutt is a text-mode mail user agent.
A heap-based buffer overflow flaw was found in the way mutt processed
certain email headers. A remote attacker could use this flaw to send an
email with specially crafted headers that, when processed, could cause mutt
to crash or, potentially, execute arbitrary code with the permissions of
the user running mutt. (CVE-2014-0467)
All mutt users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running instances of
mutt must be restarted for this update to take effect.
Sergey Artykhov, DRAFT, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0383: samba4 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
samba4
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
It was found that certain Samba configurations did not enforce the password
lockout mechanism. A remote attacker could use this flaw to perform
password guessing attacks on Samba user accounts. Note: this flaw only
affected Samba when deployed as a Primary Domain Controller.
(CVE-2013-4496)
A flaw was found in Samba's "smbcacls" command, which is used to set or get
ACLs on SMB file shares. Certain command line options of this command would
incorrectly remove an ACL previously applied on a file or a directory,
leaving the file or directory without the intended ACL. (CVE-2013-6442)
A flaw was found in the way the pam_winbind module handled configurations
that specified a non-existent group as required. An authenticated user
could possibly use this flaw to gain access to a service using pam_winbind
in its PAM configuration when group restriction was intended for access to
the service. (CVE-2012-6150)
Red Hat would like to thank the Samba project for reporting CVE-2013-4496
and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150.
Upstream acknowledges Andrew Bartlett as the original reporter of
CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442.
All users of Samba are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0310: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,
CVE-2014-1513, CVE-2014-1514)
Several information disclosure flaws were found in the way Firefox
processed malformed web content. An attacker could use these flaws to gain
access to sensitive information such as cross-domain content or protected
memory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,
CVE-2014-1508, CVE-2014-1505)
A memory corruption flaw was found in the way Firefox rendered certain PDF
files. An attacker able to trick a user into installing a malicious
extension could use this flaw to crash Firefox or, potentially, execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2014-1509)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,
Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,
Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,
Jüri Aedla, George Hotz, and the security research firm VUPEN as the
original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.4.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov, DRAFT, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0741: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov, DRAFT, INTERIM, Maria Mikhno, ACCEPTED, ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 7
The operating system installed on the system is Red Hat Enterprise Linux 7.
Maria Mikhno, DRAFT, INTERIM, ACCEPTED, ACCEPTED

The operating system installed on the system is CentOS Linux 7.x
CentOS Linux 7
The operating system installed on the system is CentOS Linux 7.x
Maria Mikhno, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0330: samba and samba3x security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0328: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0185: openswan security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
openswan
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
Sergey Artykhov, DRAFT, INTERIM, Maria Mikhno, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0222: libtiff security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libtiff
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
Sergey Artykhov, DRAFT, INTERIM, Maria Mikhno, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0211: postgresql84 and postgresql security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
PostgreSQL is an advanced object-relational database management system
(DBMS).
Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could provide
a specially crafted date/time value that, when processed, could cause
PostgreSQL to crash or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0063)
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in various type input functions in PostgreSQL. An authenticated
database user could possibly use these flaws to crash PostgreSQL or,
potentially, execute arbitrary code with the permissions of the user
running PostgreSQL. (CVE-2014-0064)
Multiple potential buffer overflow flaws were found in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2014-0065)
It was found that granting an SQL role to a database user in a PostgreSQL
database without specifying the "ADMIN" option allowed the grantee to
remove other users from their granted role. An authenticated database user
could use this flaw to remove a user from an SQL role which they were
granted access to. (CVE-2014-0060)
A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could possibly
use this flaw to escalate their privileges. (CVE-2014-0061)
A race condition was found in the way the CREATE INDEX command performed
multiple independent lookups of a table that had to be indexed. An
authenticated database user could possibly use this flaw to escalate their
privileges. (CVE-2014-0062)
It was found that the chkpass extension of PostgreSQL did not check the
return value of the crypt() function. An authenticated database user could
possibly use this flaw to crash PostgreSQL via a null pointer dereference.
(CVE-2014-0066)
Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the
original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as
the original reporters of CVE-2014-0065, Andres Freund as the original
reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original
reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the
original reporters of CVE-2014-0066.
These updated packages upgrade PostgreSQL to version 8.4.20, which fixes
these issues as well as several non-security issues. Refer to the
PostgreSQL Release Notes for a full list of changes:
http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.
Sergey Artykhov; DRAFT; INTERIM; Maria Mikhno; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0420: qemu-kvm security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.
Multiple integer overflow, input validation, logic error, and buffer
overflow flaws were discovered in various QEMU block drivers. An attacker
able to modify a disk image file loaded by a guest could use these flaws to
crash the guest, or corrupt QEMU process memory on the host, potentially
resulting in arbitrary code execution on the host with the privileges of
the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
CVE-2014-0147)
A buffer overflow flaw was found in the way the virtio_net_handle_mac()
function of QEMU processed guest requests to update the table of MAC
addresses. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, potentially resulting in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0150)
A divide-by-zero flaw was found in the seek_to_sector() function of the
parallels block driver in QEMU. An attacker able to modify a disk image
file loaded by a guest could use this flaw to crash the guest.
(CVE-2014-0142)
A NULL pointer dereference flaw was found in the QCOW2 block driver in
QEMU. An attacker able to modify a disk image file loaded by a guest could
use this flaw to crash the guest. (CVE-2014-0146)
It was found that the block driver for Hyper-V VHDX images did not
correctly calculate BAT (Block Allocation Table) entries due to a missing
bounds check. An attacker able to modify a disk image file loaded by a
guest could use this flaw to crash the guest. (CVE-2014-0148)
The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi
of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff
Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues
were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was
discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142,
CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of
Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of
Red Hat.
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0431: virt-viewer bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
virt-viewer
The virt-viewer packages provide Virtual Machine Viewer, which is a lightweight interface for interacting with the graphical display of a virtualized guest. Virtual Machine Viewer uses libvirt and is intended as a replacement for traditional VNC or SPICE clients.
This update fixes the following bug:
* Prior to this update, Spice determined the scaling of windows incorrectly by using the original desktop size instead of the host screen size. As a consequence, when a guest window was open in Spice, the screen could under some circumstances become blurry. With this update, the guest window scaling has been fixed and this problem no longer occurs. (BZ#1081376)
Users of virt-viewer are advised to upgrade to these updated packages, which fix this bug.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0370: httpd security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
httpd
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0321: net-snmp security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
net-snmp
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0626: openssl097a and openssl098e security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
openssl097a, openssl098e
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0342: wireshark security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
wireshark
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0293: udisks security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
udisks
The udisks package provides a daemon, a D-Bus API, and command line
utilities for managing disks and storage devices.
A stack-based buffer overflow flaw was found in the way udisks handled
files with long path names. A malicious, local user could use this flaw to
create a specially crafted directory structure that, when processed by the
udisks daemon, could lead to arbitrary code execution with the privileges
of the udisks daemon (root). (CVE-2014-0004)
This issue was discovered by Florian Weimer of the Red Hat Product
Security Team.
All udisks users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0316: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,
CVE-2014-1513, CVE-2014-1514)
Several information disclosure flaws were found in the way Thunderbird
processed malformed web content. An attacker could use these flaws to gain
access to sensitive information such as cross-domain content or protected
memory addresses or, potentially, cause Thunderbird to crash.
(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)
A memory corruption flaw was found in the way Thunderbird rendered certain
PDF files. An attacker able to trick a user into installing a malicious
extension could use this flaw to crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2014-1509)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,
Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,
Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,
Jüri Aedla, George Hotz, and the security research firm VUPEN as the
original reporters of these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.4.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.4.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0596: libtasn1 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libtasn1
The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing
and structures management, and Distinguished Encoding Rules (DER) encoding
and decoding functions.
It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)
Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)
Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)
Red Hat would like to thank GnuTLS upstream for reporting these issues.
All libtasn1 users are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the libtasn1 library must be restarted.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0246: gnutls security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
gnutls
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Sergey Artykhov; DRAFT; INTERIM; Maria Mikhno; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0175: piranha security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
piranha
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0127: librsvg2 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
librsvg2
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0132: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
firefox
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0126: openldap security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
openldap
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0103: libvirt security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libvirt
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0151: wget security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
wget
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0159: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0889: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0139: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
pidgin
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1268: firefox security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a
certain Certificate Authority (CA) as untrusted, but made an exception for
a select few. This update removes that exception, rendering every HTTPS
certificate signed by that CA as untrusted. (BZ#735483)
All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.22. After installing the update, Firefox must be
restarted for the changes to take effect.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1341: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0097: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1790: krb5 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
krb5
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1814: ipmitool security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
ipmitool
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1780: tomcat6 security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
tomcat6
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1815: icu security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
icu
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1458: bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
bind
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1242: firefox security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
It was found that a Certificate Authority (CA) issued a fraudulent HTTPS
certificate. This update renders any HTTPS certificates signed by that
CA as untrusted, except for a select few. The now untrusted certificates
that were issued before July 1, 2011 can be manually re-enabled and used
again at your own risk in Firefox; however, affected certificates issued
after this date cannot be re-enabled or used. (BZ#734316)
All Firefox users should upgrade to these updated packages, which contain
a backported patch. After installing the update, Firefox must be restarted
for the changes to take effect.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1852: krb5-appl security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
krb5-appl
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1819: dhcp security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
dhcp
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1132: dbus security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
dbus
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1508: cyrus-imapd security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
cyrus-imapd
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1243: thunderbird security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
It was found that a Certificate Authority (CA) issued a fraudulent HTTPS
certificate. This update renders any HTTPS certificates signed by that
CA as untrusted, except for a select few. The now untrusted certificates
that were issued before July 1, 2011 can be manually re-enabled and used
again at your own risk in Thunderbird; however, affected certificates
issued after this date cannot be re-enabled or used. (BZ#734316)
All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be
restarted for the update to take effect.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1154: libXfont security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libXfont
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1849: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0894: systemtap security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
systemtap
The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1282: nss and nspr security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
nspr, nss, nss-tools
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities.
It was found that a Certificate Authority (CA) issued fraudulent HTTPS
certificates. This update renders any HTTPS certificates signed by that CA
as untrusted. This covers all uses of the certificates, including SSL,
S/MIME, and code signing. (BZ#734316)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
These updated packages upgrade NSS to version 3.12.10 on Red Hat Enterprise
Linux 4 and 5. As well, they upgrade NSPR to version 4.8.8 on Red Hat
Enterprise Linux 4 and 5, as required by the NSS update. The packages for
Red Hat Enterprise Linux 6 include a backported patch.
All NSS and NSPR users should upgrade to these updated packages, which
correct this issue. After installing the update, applications using NSS and
NSPR must be restarted for the changes to take effect.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0044: augeas security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
augeas
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0015: openssl security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
openssl
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1317: cyrus-imapd security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
cyrus-imapd
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1455: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1791: squid security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
squid
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1160: dhcp security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
dhcp
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1801: qemu-kvm security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1187: dovecot security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
dovecot
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1267: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by
a certain Certificate Authority (CA) as untrusted, but made an exception
for a select few. This update removes that exception, rendering every HTTPS
certificate signed by that CA as untrusted. (BZ#735483)
All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be
restarted for the update to take effect.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1402: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1359: xorg-x11-server security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
xorg-x11-server
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0844: apr security update (Low)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
apr
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0164: mysql security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1444: nss security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
Network Security Services (NSS) is a set of libraries designed to support
the development of security-enabled client and server applications.
It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate
Certificate Authority (CA) issued HTTPS certificates with weak keys. This
update renders any HTTPS certificates signed by that CA as untrusted. This
covers all uses of the certificates, including SSL, S/MIME, and code
signing. Note: Digicert Sdn. Bhd. is not the same company as found at
digicert.com. (BZ#751366)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
This update also fixes the following bug on Red Hat Enterprise Linux 5:
* When using mod_nss with the Apache HTTP Server, a bug in NSS on Red Hat
Enterprise Linux 5 resulted in file descriptors leaking each time the
Apache HTTP Server was restarted with the "service httpd reload" command.
This could have prevented the Apache HTTP Server from functioning properly
if all available file descriptors were consumed. (BZ#743508)
For Red Hat Enterprise Linux 6, these updated packages upgrade NSS to
version 3.12.10. As well, they upgrade NSPR (Netscape Portable Runtime) to
version 4.8.8 and nss-util to version 3.12.10 on Red Hat
Enterprise Linux 6, as required by the NSS update. (BZ#735972, BZ#736272,
BZ#735973)
All NSS users should upgrade to these updated packages, which correct this
issue. After installing the update, applications using NSS must be
restarted for the changes to take effect. In addition, on Red Hat
Enterprise Linux 6, applications using NSPR and nss-util must also be
restarted.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0511: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
flash-plugin
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0376: dbus security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
dbus
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0018: libXfont security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libXfont
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED; Maria Mikhno; INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0392: libtiff security and bug fix update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libtiff
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1164: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1821: pidgin security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
pidgin
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0170: libuser security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
libuser
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1241: ecryptfs-utils security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
ecryptfs-utils
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.
When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1777: qemu-kvm security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1377: postgresql security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
postgresql
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1385: kdelibs and kdelibs3 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
kdelibs, kdelibs3
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1437: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1423: php53 and php security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
php53, php
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0043: bind security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
bind
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED; Maria Mikhno; INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0133: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED; Maria Mikhno; INTERIM, ACCEPTED; Maria Mikhno; INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1512: libxml2 security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libxml2
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1349: rpm security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
rpm
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1462: mysql security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0026: java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.7.0-openjdk
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU.
Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED; Maria Mikhno; INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1807: jasper security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
jasper
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1455: gegl security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
gegl
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1483: thunderbird security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1256: ghostscript security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
ghostscript
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1180: gimp security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
gimp
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1151: openldap security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
openldap
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1384: java-1.6.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1386: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.7.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1461: libproxy security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libproxy
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
openssh
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field.
NOTE: there may be limited scenarios in which this issue is relevant.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1009: java-1.7.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.7.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1288: libxml2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libxml2
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1304: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1234: qemu-kvm security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1326: freeradius security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
freeradius
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1037: postgresql and postgresql84 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1139: bind-dyndb-ldap security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
bind-dyndb-ldap
The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1380: java-1.6.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0987: sblim-cim-client2 security update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
sblim-cim-client2
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
rsyslog
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0973: nss, nss-util, and nspr security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
nspr, nss, nss-util
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
It was found that a Certificate Authority (CA) issued a subordinate CA
certificate to its customer, that could be used to issue certificates for
any name. This update renders the subordinate CA certificate as untrusted.
(BZ#798533)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
The nspr package has been upgraded to upstream version 4.9, which provides
a number of bug fixes and enhancements over the previous version.
(BZ#799193)
The nss-util package has been upgraded to upstream version 3.13.3, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#799192)
The nss package has been upgraded to upstream version 3.13.3, which
provides numerous bug fixes and enhancements over the previous version. In
particular, SSL 2.0 is now disabled by default, support for SHA-224 has
been added, PORT_ErrorToString and PORT_ErrorToName now return the error
message and symbolic name of an NSS error code, and NSS_GetVersion now
returns the NSS version string. (BZ#744070)
These updated nss, nss-util, and nspr packages also provide fixes for the
following bugs:
* A PEM module internal function did not clean up memory when detecting a
non-existent file name. Consequently, memory leaks in client code occurred.
The code has been improved to deallocate such temporary objects and as a
result the reported memory leakage is gone. (BZ#746632)
* Recent changes to NSS re-introduced a problem where applications could
not use multiple SSL client certificates in the same process. Therefore,
any attempt to run commands that worked with multiple SSL client
certificates, such as the "yum repolist" command, resulted in a
re-negotiation handshake failure. With this update, a revised patch
correcting this problem has been applied to NSS, and using multiple SSL
client certificates in the same process is now possible again. (BZ#761086)
* The PEM module did not fully initialize newly constructed objects with
function pointers set to NULL. Consequently, a segmentation violation in
libcurl was sometimes experienced while accessing a package repository.
With this update, the code has been changed to fully initialize newly
allocated objects. As a result, updates can now be installed without
problems. (BZ#768669)
* A lack-of-robustness flaw caused the administration server for Red Hat
Directory Server to terminate unexpectedly because the mod_nss module made
nss calls before initializing nss as per the documented API. With this
update, nss protects itself against being called before it has been
properly initialized by the caller. (BZ#784674)
* Compilation errors occurred with some compilers when compiling code
against NSS 3.13.1. The following error message was displayed:
pkcs11n.h:365:26: warning: "__GNUC_MINOR" is not defined
An upstream patch has been applied to improve the code and the problem no
longer occurs. (BZ#795693)
* Unexpected terminations were reported in the messaging daemon (qpidd)
included in Red Hat Enterprise MRG after a recent update to nss. This
occurred because qpidd made nss calls before initializing nss. These
updated packages prevent qpidd and other affected processes that call nss
without initializing as mandated by the API from crashing. (BZ#797426)
Users of NSS, NSPR, and nss-util are advised to upgrade to these updated
packages, which fix these issues and add these enhancements. After
installing this update, applications using NSS, NSPR, or nss-util must be
restarted for this update to take effect.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED; Maria Mikhno; INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1434: icedtea-web security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
icedtea-web
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1362: thunderbird security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1422: openswan security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
openswan
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1064: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1350: firefox security and bug fix update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0902: cifs-utils security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
cifs-utils
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0958: sos security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
sos
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1426: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1265: libxslt security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
libxslt
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1551: mysql security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
mysql
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1054: libtiff security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libtiff
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1088: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1135: libreoffice security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
libreoffice
Multiple
heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1269: qpid security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
python-qpid, qpid-cpp, qpid-qmf, qpid-tools
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1068: openjpeg security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
openjpeg
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0899: openldap security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
openldap
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0507: apr security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
apr
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1046: php security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
php
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1123: bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
bind
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0810: busybox security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
busybox
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0874: mysql security and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
mysql
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1208: glibc security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
glibc
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1283: openjpeg security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
openjpeg
Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1268: bind security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
bind
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0997: 389-ds-base security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
389-ds-base
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
Sergey Artykhov; DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0743: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via
a crafted application that triggers a race condition.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0467: freetype security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6freetypeFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0393: glibc security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6glibcInteger overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0862: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0481: kernel security, bug fix, and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0876: net-snmp security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6net-snmpArray index 
error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1206: python-paste-script security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6python-paste-scriptPaste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1210: firefox security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6firefoxxulrunnerThe web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0811: php-pecl-apc security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6php-pecl-apcCross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0710: firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6firefoxxulrunnerHeap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote 
attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0715: thunderbird security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6thunderbirdHeap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0018: libxml2 security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6libxml2Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0136: libvorbis security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6libvorbisMozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0546: php security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6phpsapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain 
php_getopt for the 'd' case.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0388: thunderbird security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdUse-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0544: ImageMagick security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6ImageMagickThe TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0744: python security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6pythonPython before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0699: openssl security and bug fix update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6opensslInteger underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV 
calculation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0813: 389-ds-base security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6389-ds-baseThe acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1418: kdelibs security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6kdelibskhtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1549: bind security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6bindISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1590: libtiff security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libtiffStack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0571: kernel security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a 
virtual CPU already exists.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1131: krb5 security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6krb5The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1261: dbus security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6dbuslibdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0518: openssl security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6opensslopenssl097aopenssl098eThe asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1263: postgresql and postgresql84 security update (Moderate)Red Hat 
Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6postgresql84postgresqlThe xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1223: java-1.7.0-openjdk security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6java-1.7.0-openjdkMultiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0317: libpng security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libpnglibpng10Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0465: samba security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6sambaThe RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does 
not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0841: abrt, libreport, btparser, and python-meh security and bug fix update (Low)Red Hat Enterprise Linux 6CentOS Linux 6abrtbtparserlibreportpython-mehThe C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1361: xulrunner security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6xulrunnerMozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0135: java-1.6.0-openjdk security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6java-1.6.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. 
Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0678: postgresql and postgresql84 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6postgresql84postgresqlCRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0019: php53 and php security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6php53phpPHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0515: firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6firefoxxulrunnerMozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0410: raptor security update (Important)Red Hat 
Enterprise Linux 6CentOS Linux 6raptorRedland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0705: openoffice.org security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6openoffice.orgInteger overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1116: perl-DBD-Pg security update (Moderate)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6perl-DBD-PgMultiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0105: mysql security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0093: php security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6phpThe php_register_variable_ex function in php_variables.c in PHP 
5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0475: tomcat6 security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6tomcat6Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1351: thunderbird security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdHeap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0729: java-1.6.0-openjdk security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6java-1.6.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1363: bind security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6bindISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified 
combinations of resource records.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1359: libvirt security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6libvirtThe virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0058: glibc security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6glibcThe svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1221: java-1.6.0-openjdk security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6java-1.6.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. 
NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1823: thunderbird security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6thunderbirdThe nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2012:1089: thunderbird security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdMozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0716: bind security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6bindISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0426: openssl security and bug fix update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6opensslThe mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to 
cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1259: quagga security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6quaggaThe bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1457: libgcrypt security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libgcryptGnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1211: thunderbird security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdThe web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0468: libtiff security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libtiffMultiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.Sergey 
ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1866: ca-certificates security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6ca-certificateThis package contains the set of CA certificates chosen by the Mozilla
Foundation for use with the Internet Public Key Infrastructure (PKI).
It was found that a subordinate Certificate Authority (CA) mis-issued an
intermediate certificate, which could be used to conduct man-in-the-middle
attacks. This update renders that particular intermediate certificate as
untrusted. (BZ#1038894)
All users should upgrade to this updated package. After installing the
update, all applications using the ca-certificates package must be
restarted for the changes to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:1778: gimp security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6gimpHeap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1500: gc security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6gcMultiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1366: kernel security and bug fix update (Important)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1272: libvirt security and bug fix update (Important)Red Hat Enterprise Linux 6CentOS Linux 6libvirtlibvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1098: glibc security and 
bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
glibc
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1091: nss, nspr, and nss-util security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
nspr, nss, nss-util
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1764: ruby security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
ruby
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1274: hplip security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
hplip
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and
Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0831: libvirt security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libvirt
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1081: sudo security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
sudo
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1051: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1114: bind security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
bind
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause
a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1452: vino security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
vino
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0516: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0883: gnutls security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
gnutls
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length.
NOTE: this might be due to an incorrect fix for CVE-2013-0169.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0897: mesa security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
mesa
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0052: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0069: ruby security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
ruby
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1806: samba and samba3x security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1156: httpd security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
httpd
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly
determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1418: libtar security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libtar
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1505: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0983: curl security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
curl
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1803: libjpeg-turbo security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libjpeg-turbo
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain
Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0059: openssl security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
openssl
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0050: qemu-kvm security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0143: xulrunner security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
xulrunner
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1473: spice-server security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
spice-server
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1119: 389-ds-base security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
389-ds-base
The Red Hat Directory Server
before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0697: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
nspr, nss, nss-softokn, nss-util
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1192: spice-server security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
spice-server
The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0714: stunnel security update
(Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
stunnel
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1090: ruby security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
ruby
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0939: xorg-x11-server security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
xorg-x11-server
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1273: spice-gtk security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
spice-gtk
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1476: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat
Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1813: php53 and php security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
php53, php
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0509: wireshark security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
wireshark
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0696: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird
before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0272: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0774: libguestfs security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
libguestfs
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0502: Core X11 clients security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
xorg-x11-apps, xorg-x11-server-utils, xorg-x11-utils
Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0942: krb5 security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
krb5
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to
cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0580: cups security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
cups
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0820: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0683: bind-dyndb-ldap security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
bind-dyndb-ldap
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0957: java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.7.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows
remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1426: xorg-x11-server security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
xorg-x11-server
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0321: cvs security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
cvs
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1850: openjpeg security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
openjpeg
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0376: systemtap security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
systemtap
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF
data, which triggers a read of an invalid pointer.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0140: thunderbird security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
thunderbird
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0250: elinks security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
elinks
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1282: rtkit security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
rtkit
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0271: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
devhelp, firefox, xulrunner, yelp, libproxy
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0884: libtirpc security update
(Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libtirpc
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0827: openswan security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
openswan
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0687: pixman security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
pixman
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors.
NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0646: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
pidgin
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0276: libvirt security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libvirt
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0628: 389-ds-base security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
389-ds-base
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0748: krb5 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
krb5
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0350: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of
service (divide-by-zero error and panic) via IGMP packets.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1475: postgresql and postgresql84 security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0427: libtasn1 security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
libtasn1
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0387: firefox security and bug fix update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0550: bind security and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
bind
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an
AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0589: git security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
git
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1202: libvirt security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
libvirt
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1868: xorg-x11-server security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
xorg-x11-server
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0587: openssl security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
openssl
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical
analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0517: util-linux-ng security, bug fix and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6util-linux-ng(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0623: tomcat6 security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6tomcat6The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0751: java-1.7.0-openjdk security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6java-1.7.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1482: firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6firefoxxulrunnerMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1436: kernel security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6kernelInterpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0815: httpd security update (Moderate)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6httpdmod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0512: httpd security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6httpdThe mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.Sergey 
ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1869: pixman security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6pixmanInteger underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:0590: nss-pam-ldapd security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6nss-pam-ldapdnss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0568: dbus-glib security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6dbus-glibThe dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0567: kernel security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6kernelRace condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0270: jakarta-commons-httpclient security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6jakarta-commons-httpclientApache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK 
and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1132: icedtea-web security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6icedtea-webThe IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0526: automake security update (Low)Red Hat Enterprise Linux 6CentOS Linux 6automakeThe "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6evolution-mapiopenchangeThe RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0821: thunderbird security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdUse-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or 
cause a denial of service (heap memory corruption) via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1409: xinetd security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6xinetdxinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0896: qemu-kvm security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6qemu-kvmThe qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1779: mod_nss security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6mod_nssmod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1142: thunderbird security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6thunderbirdMozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-1701)
A flaw was found in the way Thunderbird generated Certificate Request
Message Format (CRMF) requests. An attacker could use this flaw to perform
cross-site scripting (XSS) attacks or execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2013-1710)
A flaw was found in the way Thunderbird handled the interaction between
frames and browser history. An attacker could use this flaw to trick
Thunderbird into treating malicious content as if it came from the browser
history, allowing for XSS attacks. (CVE-2013-1709)
It was found that the same-origin policy could be bypassed due to the way
Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker
could use this flaw to perform XSS attacks, or install malicious add-ons
from third-party pages. (CVE-2013-1713)
It was found that web workers could bypass the same-origin policy. An
attacker could use this flaw to perform XSS attacks. (CVE-2013-1714)
It was found that, in certain circumstances, Thunderbird incorrectly
handled Java applets. If a user launched an untrusted Java applet via
Thunderbird, the applet could use this flaw to obtain read-only access to
files on the user's local system. (CVE-2013-1717)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jeff Gilbert, Henrik Skupin, moz_bug_r_a4, Cody
Crews, Federico Lanusse, and Georgi Guninski as the original reporters of
these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.8 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDACCEPTEDRHSA-2013:0614: xulrunner security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6xulrunnerUse-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6samba4The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0668: boost security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6boostInteger overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0219: mysql security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6mysqlUnspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0685: perl security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 
6CentOS Linux 5CentOS Linux 6perlThe rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0503: 389-ds-base security, bug fix, and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6389-ds-base389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0869: tomcat6 security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6tomcat6The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0744: kernel security and bug fix update (Important)Red Hat Enterprise Linux 6CentOS Linux 6kernelnet/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0499: xinetd security and bug fix update (Low)Red Hat Enterprise Linux 6CentOS Linux 6xinetdbuiltins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0199: libvirt security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6libvirtUse-after-free vulnerability in the 
virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0508: sssd security, bug fix and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6sssdThe (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0514: php security, bug fix and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6phpUnspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0247: java-1.7.0-openjdk security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6java-1.7.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0500: hplip security, bug fix and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6hplipHP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0669: qt security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6qtThe QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0324: libxml2 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libxml2libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0772: mysql security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6mysqlUnspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0188: ipa security update (Important)Red Hat 
Enterprise Linux 6CentOS Linux 6ipaThe client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0522: gdb security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6gdbGNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0451: rpm security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6rpmThe headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0627: thunderbird security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdUse-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1049: php security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6phpext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have 
unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0516: evolution security and bug fix update (Low)Red Hat Enterprise Linux 6CentOS Linux 6evolutionGNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0509: rdma security, bug fix and enhancement update (Low)Red Hat Enterprise Linux 6CentOS Linux 6ibacminfinipath-psmlibibmadlibibumadlibibverbslibmlx4librdmacmopensmrdmaibsimibutilsinfiniband-diagsibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0095: ghostscript security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6ghostscript** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0277: dnsmasq security, bug fix and enhancement update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6dnsmasqDnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0496: Red Hat Enterprise Linux 6 kernel update (Important)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1269: thunderbird security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdMozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1284: spice-gtk security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6spice-gtklibgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. 
NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0737: subversion security update (Moderate)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6subversionThe mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1801: kernel security, bug fix, and enhancement update (Important)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:1451: java-1.7.0-openjdk security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6java-1.7.0-openjdkUnspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0581: libxml2 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libxml2libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0504: dhcp security and bug fix update (Low)Red Hat Enterprise Linux 6CentOS Linux 6dhcpISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial 
of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0830: kernel security update (Important)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1441: rubygems security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6rubygemsAlgorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0144: firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6firefoxxulrunnerMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0223: kernel security and bug fix update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a 
crafted application.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0523: ccid security and bug fix update (Low)Red Hat Enterprise Linux 6CentOS Linux 6ccidSignedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1480: thunderbird security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6thunderbirdUse-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1173: kernel security and bug fix update (Important)Red Hat Enterprise Linux 6CentOS Linux 6kernelThe key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0080: thunderbird security update (Critical)Red Hat Enterprise Linux 6CentOS Linux 6thunderbirdMozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 
through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0128: httpd security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6httpdprotocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1120: haproxy security update (Moderate)Red Hat Enterprise Linux 6CentOS Linux 6haproxyHAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0213: nss, nss-util, and nspr security, bug fix, and enhancement update (Important)Red Hat Enterprise Linux 6CentOS Linux 6nsprnssnss-utilNetwork Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
It was found that a Certificate Authority (CA) mis-issued two intermediate
certificates to customers. These certificates could be used to launch
man-in-the-middle attacks. This update renders those certificates as
untrusted. This covers all uses of the certificates, including SSL, S/MIME,
and code signing. (BZ#890605)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
In addition, the nss package has been upgraded to upstream version 3.13.6,
the nss-util package has been upgraded to upstream version 3.13.6, and the
nspr package has been upgraded to upstream version 4.9.2. These updates
provide a number of bug fixes and enhancements over the previous versions.
(BZ#891663, BZ#891670, BZ#891661)
Users of NSS, NSPR, and nss-util are advised to upgrade to these updated
packages, which fix these issues and add these enhancements. After
installing this update, applications using NSS, NSPR, or nss-util must be
restarted for this update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0245: java-1.6.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0964: tomcat6 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
tomcat6
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0982: thunderbird security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1413: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0165: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
java-1.7.0-openjdk
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1100: qemu-kvm security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1805: samba4 security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
samba4
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0533: samba and samba3x security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
samba3x, samba
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1014: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1861: nss security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
nss, nss-util
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
It was found that a subordinate Certificate Authority (CA) mis-issued an
intermediate certificate, which could be used to conduct man-in-the-middle
attacks. This update renders that particular intermediate certificate as
untrusted. (BZ#1038894)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
All NSS users should upgrade to these updated packages, which correct this
issue. After installing the update, applications using NSS must be
restarted for the changes to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0753: icedtea-web security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
icedtea-web
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0742: 389-ds-base security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
389-ds-base
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0407: libpng security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libpng
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0216: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1102: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
pidgin
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1270: polkit security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
polkit
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0275: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
java-1.7.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0217: mingw32-libxml2 security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
mingw32-libxml2
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0588: gnutls security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
gnutls
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1268: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0273: java-1.6.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1459: nspluginwrapper security and bug fix update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
nspluginwrapper
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0911: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
A certain Red Hat patch to the do_filp_open function in
fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1812: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
firefox
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0656: krb5 security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
krb5
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0602: java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.7.0-openjdk
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0062: t1lib security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
t1lib
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0528: ipa security, bug fix and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
ipa
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0169: vino security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
vino
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0630: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0505: squid security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
squid
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or
(3) crafted authentication credentials.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0215: abrt and libreport security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
abrt, libreport
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0218: xorg-x11-drv-qxl security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
xorg-x11-drv-qxl
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0663: sssd security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
sssd
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0079: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0609: qemu-kvm security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
qemu-kvm
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0523: libpng security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libpng
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1580: kernel security, bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0521: pam security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
pam
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0981: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1459: gnupg2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
gnupg2
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1407: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1255: libexif security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
libexif
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0880: qt security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
qt
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other
impact via vectors related to glyph handling.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1156: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
kernel
Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0137: texlive security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
texlive
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1582: python security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
python
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0525: pcsc-lite security and bug fix update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
pcsc-lite
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1141: dhcp security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
dhcp
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1829: nss, nspr, and nss-util security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
nspr, nss, nss-util
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1140: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0748: libvirt security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 6, CentOS Linux 6
libvirt
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0612: ruby security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
ruby
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0429: gnutls security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
gnutls
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0731: expat security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
expat
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0511: pki-core security, bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
pki-core
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0369: python-sqlalchemy security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
python-sqlalchemy
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0868: haproxy security update (Moderate)
Red Hat Enterprise Linux 6, CentOS Linux 6
haproxy
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0770: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0689: bind security and bug fix update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
bind
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0605: java-1.6.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, CentOS Linux 6
java-1.6.0-openjdk
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1182: 389-ds-base security update (Important)
Red Hat Enterprise Linux 6, CentOS Linux 6
389-ds-base
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0771: curl security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
curl
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0145: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 6
The operating system installed on the system is Red Hat Enterprise Linux 6.
Maria Kedovskaya, DRAFT, Maria Kedovskaya, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

The operating system installed on the system is CentOS Linux 6.x
CentOS Linux 6
The operating system installed on the system is CentOS Linux 6.x
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

The operating system installed on the system is CentOS Linux 5.x
CentOS Linux 5
The operating system installed on the system is CentOS Linux 5.x
Danny Haynes, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 5
The operating system installed on the system is Red Hat Enterprise Linux 5.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

java-1.6.0-openjdk-debuginfo, java-1.8.0-openjdk-accessibility, qemu-kvm, qemu-kvm-tools, qemu-guest-agent, openssl, openssl-static, openssl-devel, openssl-perl, rpm-python, rpm-debuginfo, rpm-devel, rpm, rpm-apidocs, popt, rpm-libs, rpm-build, java-1.7.0-openjdk-debuginfo, bind-debuginfo, bind-sdb-chroot, bind-libs-lite, bind-license, bind-lite-devel, jasper-debuginfo, sntp, ntp-doc, ntp-debuginfo, ntpdate, ntp-perl, ntp, thunderbird-debuginfo, libXfont-debuginfo, mailx-debuginfo, mailx, mod_auth_mellon-debuginfo, mod_auth_mellon, wget-debuginfo, libvirt-debuginfo, libvncserver-devel, libvncserver-debuginfo, libvncserver, ruby-debuginfo, php-mysqlnd, firefox-debuginfo, xerces-j2-javadoc-other, xerces-j2-javadoc-impl, xerces-j2-scripts, xerces-j2-javadoc-apis, xerces-j2-javadoc, xerces-j2-javadoc-xni, xerces-j2-demo, xerces-j2, ocaml-libguestfs, libguestfs, ruby-libguestfs, libguestfs-debuginfo, libguestfs-tools-c, libguestfs-tools, ocaml-libguestfs-devel, libguestfs-java, libguestfs-devel, perl-Sys-Guestfs, python-libguestfs, libguestfs-java-devel, libguestfs-javadoc, qemu-kvm-debuginfo, libibverbs-debuginfo, openmpi, mpitests-mvapich-psm, ibutils-debuginfo, qperf, librdmacm-debuginfo, openmpi-debuginfo, qperf-debuginfo, openmpi-devel, mpitests-mvapich2, mpitests-mvapich, mpitests-openmpi, mpitests-debuginfo, perftest, perftest-debuginfo, libmlx4-debuginfo, mpitests-mvapich2-psm, kdelibs-common, kdelibs-debuginfo, 389-ds-base-debuginfo, libxml2-debuginfo, control-center-filesystem, gnome-panel-debuginfo, evolution-data-server-debuginfo, planner-eds, evolution-exchange, gnome-python2-libgtop2, control-center-devel, totem-mozplugin, gnome-python2-brasero, gnome-panel-devel, evolution-devel-docs, evolution-exchange-debuginfo, evolution-data-server-doc, control-center-debuginfo, gnome-python2-totem, pidgin-debuginfo, control-center-extra, gtkhtml3, libgdata-devel, totem-nautilus, planner, gtkhtml3-debuginfo, totem-jamendo, gnome-python2-rsvg, gnome-python2-gnomeprint, totem-devel, totem-youtube, nautilus-sendto, gnome-python2-libwnck, gnome-python2-evolution, evolution-debuginfo, control-center, gnome-python2-desktop-debuginfo, gnome-python2-gnomedesktop, gnome-python2-evinceg
0:2.3-3.el6_2.10:10.0.3-1.el5.centos0:10.0.3-1.el6.centos0:10.0.3-1.el5_80:10.0.3-1.el6_232:9.8.2-0.17.rc1.el6.30:1.7.1-3.el6_4.10:0.9.10-21.el6_3.40:1.13.0-23.1.el6.centos0:1.1.1-48.101.0.1.el5.centos.20:1.13.0-23.1.el6_50:1.1.1-48.101.el5_10.20:1.0.0-27.el6_4.20:0.9.8e-26.el5_9.10:2.17.2-12.9.el60:6.0.24-52.el6_41:1.7.0.19-2.3.9.1.el6_40:10.0.11-1.el5.centos0:10.0.11-1.el6.centos0:10.0.11-1.el5_80:10.0.11-1.el6_30:2.6.32-358.23.2.el61:2.2.3-78.el5.centos1:2.2.15-28.el6.centos0:2.2.15-28.el6.centos0:2.2.3-78.el5.centos1:2.2.3-78.el5_91:2.2.15-28.el6_40:2.2.3-78.el5_90:2.2.15-28.el6_40:2.2.15-26.el6.centos0:2.2.15-26.el60:0.22.0-2.2.el5_100:0.26.2-5.1.el6_50:0.7.5-18.1.el6_40:0.86-6.el60:0.86-6.el6_40:0.73-11.el5_90:2.6.32-358.0.1.el61:3.0-7jpp.21:3.1-0.7.el6_30:1.2.1-1.el6_30:1.11.1-4.el60:0.28.3-12.el60:1.0-4.el60:17.0.6-2.el6.centos0:17.0.6-1.el5.centos0:17.0.6-2.el6_40:17.0.6-1.el5_92:2.3.14-20.el5_102:2.3.14-39.el6_42:0.12.1.2-2.355.0.1.el6.centos.52:0.12.1.2-2.355.el6_4.50:1.0.8-19.el6_50:1.0.8-8.el5_100:17.0.8-5.el6.centos0:17.0.8-5.el6_40:17.0.8-5.el5_90:17.0.8-5.el5.centos0:4.0.0-55.el6.rc40:1.33.1-16.el5_90:1.41.0-15.el6_40:5.1.67-1.el6_30:1.9402-130.el6_41:0.27-130.el6_40:1.58-130.el6_40:0.04-130.el6_40:0.30-130.el6_44:5.8.8-40.el5_90:0.20-130.el6_40:0.88-130.el6_41:0.18-130.el6_41:1.40-130.el6_41:0.56-130.el6_41:0.221-130.el6_40:1.28-130.el6_41:0.3500-130.el6_41:0.38-130.el6_41:3.90-130.el6_41:0.16-130.el6_41:2.2003.0-130.el6_40:3.17-130.el6_41:3.13-130.el6_41:0.26-130.el6_40:2.18-130.el6_41:1.04-130.el6_41:0.02-130.el6_41:2.020-130.el6_40:1.15-130.el6_43:0.77-130.el6_40:6.55-130.el6_40:0.26-130.el6_44:5.10.1-130.el6_40:3.51-130.el6_40:0.92-130.el6_40:5.10.1-130.el6_41:5.47-130.el6_40:2.020-130.el6_41:0.34-130.el6_44:1.9721-130.el6_41:1.09-130.el6_40:1.2.11.15-11.el60:6.0.24-55.el6_40:2.6.32-358.6.1.el62:2.3.14-38.el60:0.9.10-21.el6_3.80:1.9.2-82.el60:5.3.3-22.el61:1.7.0.9-2.3.5.3.el5_91:1.7.0.9-2.3.5.3.el6_31:3.12.4-4.el60:3.12.4-4.el61:4.6.2-26.el6_40:
2.7.6-4.el6_2.40:2.6.26-2.1.15.el5_8.20:5.1.69-1.el6_40:2.2.0-17.el6_3.10:7.2-60.el60:1.10.2.3-28.el5_80:4.4.2.3-28.el5_80:4.8.0-19.el6_2.10:17.0.3-2.el6.centos0:17.0.3-2.el5.centos0:17.0.3-2.el6_40:17.0.3-2.el5_90:5.1.6-40.el5_90:5.3.3-23.el6_40:2.28.3-30.el60:3.6-1.el60:1.3.9-1.el60:0.5-7.el60:1.0.17-0.git4b5c1aa.el60:1.5.7-7.el60:1.5.12-5.el60:3.0.1-115.1015_open.1.el60:1.3.8-1.el60:1.0.4-1.el60:3.3.15-1.el60:1.0.8-0.git7a3adb7.el60:1.1.6-5.el60:8.70-11.el6_2.60:8.70-6.el5_7.60:2.48-13.el60:2.6.32-358.el60:0.11-11.el6_3.10:1.6.11-11.el5_90:1.6.11-9.el6_40:2.6.32-431.1.2.el61:1.7.0.45-2.4.3.2.el6_40:2.6.26-2.1.21.el5_9.10:2.7.6-12.el6_4.112:4.1.1-34.P1.el60:2.6.32-358.6.2.el60:1.3.7-4.el6_40:10.0.12-1.el5.centos0:10.0.12-1.el6.centos0:10.0.12-1.el6_30:10.0.12-1.el5_90:2.6.32-279.22.1.el60:1.3.9-6.el60:17.0.10-1.el6.centos0:17.0.10-1.el5.centos0:17.0.10-1.el6_40:17.0.10-1.el5_100:2.6.32-358.18.1.el60:3.1.18-1.el6.centos0:3.1.18-1.el6_20:2.2.15-15.el6.centos.10:2.2.15-15.el6_2.10:1.4.22-5.el6_40:4.9.2-0.el6_3.10:3.13.6-1.el6_30:3.13.6-2.el6_31:1.6.0.0-1.54.1.11.6.el6_30:6.0.24-57.el6_41:1.7.0.9-2.3.4.1.el6_31:1.7.0.9-2.3.4.el5_9.12:0.12.1.2-2.355.0.1.el6.centos.62:0.12.1.2-2.355.el6_4.60:4.0.0-60.el6_5.rc40:3.5.10-0.109.el5_80:3.5.10-116.el6_21:1.6.0.0-1.41.1.11.11.90.el5_91:1.6.0.0-1.62.1.11.11.90.el6_40:3.15.3-3.el6_50:3.15.3-4.el5_100:1.2.3-2.el6_40:1.2.11.15-14.el6_42:1.2.48-1.el6_22:1.2.10-16.el5_80:2.2.1-32.el5_9.10:2.3.11-14.el6_3.10:2.6.6-11.el5.40:2.7.9-5.el6.20:0.96-5.el6_41:1.7.0.9-2.3.7.1.el6_31:1.7.0.9-2.3.7.1.el5_90:2.7.6-6.el6_30:1.4.1-10.el5_9.10:2.8.5-10.el6_4.10:17.0.9-1.el6.centos0:17.0.9-1.el5.centos0:17.0.9-1.el5_90:17.0.9-1.el6_41:1.6.0.0-1.56.1.11.8.el6_30:1.4.4-1.el6_30:2.6.32-358.11.1.el60:24.2.0-1.el6.centos0:24.2.0-1.el5_100:24.2.0-1.el5.centos0:24.2.0-1.el6_50:1.10.3-10.el6_4.11:1.7.0.9-2.3.8.0.el6_40:5.1.2-6.el6_2.10:3.0.0-25.el60:2.28.1-8.el6_30:2.6.32-358.2.1.el67:3.1.10-16.el60:2.0.8-6.el6.centos.20:2.0.9-5.el6.centos.20:2.0.9-5.el6_3
.20:2.0.8-6.el6_3.20:0.0.14-14.el6_30:1.9.2-82.4.el6_40:3.6.26-1.el5.centos0:1.9.2.26-1.el6.centos0:3.6.26-1.el6.centos0:3.6.26-1.el6_20:3.6.26-1.el5_70:1.9.2.26-1.el5_70:1.9.2.26-1.el6_22:0.12.1.2-2.355.el6_4.22:1.2.49-1.el6_22:1.2.10-17.el5_80:2.6.32-279.19.1.el60:1.1.1-13.el60:17.0.7-1.el6.centos0:17.0.7-1.el5.centos0:17.0.7-1.el5_90:17.0.7-1.el6_40:2.0.10-6.el5_100:2.0.14-6.el6_40:10.0.10-1.el6.centos0:10.0.10-1.el5.centos0:10.0.10-1.el6_30:10.0.10-1.el5_80:0.6.21-5.el6_30:0.6.21-1.el5_81:4.6.2-24.el60:2.6.32-279.5.1.el60:2007-57.el6_20:2.6e-57.el6_20:2.6.6-51.el60:1.5.2-11.el612:4.1.1-31.P1.el6_3.10:3.15.3-1.el6_50:4.10.2-1.el6_50:3.15.3-2.el6_50:17.0.8-1.el5.centos0:17.0.8-1.el6.centos0:17.0.8-3.el6.centos0:17.0.8-1.el6_40:17.0.8-3.el5_90:17.0.8-1.el5_90:17.0.8-3.el6_40:0.9.10-21.el60:1.8.7.352-10.el6_40:2.8.5-4.el6_2.20:2.0.1-11.el6_20:1.95.8-11.el5_80:9.0.3-30.el60:0.5.5-3.el6_20:1.4.22-4.el6_41:1.6.0.0-1.40.1.11.11.el5_91:1.6.0.0-1.61.1.11.11.el6_432:9.8.2-0.17.rc1.el6_4.41:1.6.0.0-1.57.1.11.9.el6_40:1.2.11.15-22.el6_40:7.15.5-16.el5_90:7.19.7-36.el6_4^6.*$^6.*$^5.*$unix^5\D.+$0:10.0.12-3.el5.centos0:10.0.12-3.el6.centos0:10.0.12-3.el5_90:10.0.12-3.el6_3